rpm package
opensuse/htmldoc&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/htmldoc&distro=openSUSE%20Leap%2015.3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3997 | — | | | < 1.9.12-bp153.2.6.1 | 1.9.12-bp153.2.6.1 | Aug 23, 2022 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. |
| CVE-2021-44533 | — | | | < 1.9.12-bp153.2.9.1 | 1.9.12-bp153.2.9.1 | Feb 24, 2022 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguis |
| CVE-2021-44532 | — | | | < 1.9.12-bp153.2.9.1 | 1.9.12-bp153.2.9.1 | Feb 24, 2022 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name |
| CVE-2021-44531 | — | | | < 1.9.12-bp153.2.9.1 | 1.9.12-bp153.2.9.1 | Feb 24, 2022 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are o |
| CVE-2022-21824 | — | | | < 1.9.12-bp153.2.9.1 | 1.9.12-bp153.2.9.1 | Feb 24, 2022 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The p |
| CVE-2021-25219 | — | | | < 1.9.12-bp153.2.15.1 | 1.9.12-bp153.2.15.1 | Oct 27, 2021 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a |