Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise
(Suse)Repositories | https://github.com/nodejs/node |
#Vulnerabilities | 93 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-10-10 | CVE-2016-7099 | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | Node\.js, Linux_enterprise | 5.9 | ||
2016-10-10 | CVE-2016-5325 | CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | Node\.js, Linux_enterprise | 6.1 | ||
2016-04-30 | CVE-2016-2807 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | Firefox, Firefox_esr, Leap, Opensuse, Linux_enterprise | 8.8 | ||
2016-04-30 | CVE-2016-2806 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | Debian_linux, Firefox, Leap, Opensuse, Linux_enterprise | 8.8 |