rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Vulnerabilities (311)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-12115 | Hig | 7.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Aug 21, 2018 | In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that s | |
| CVE-2018-7167 | Hig | 7.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Jun 13, 2018 | Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in the | |
| CVE-2018-7161 | Hig | 7.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Jun 13, 2018 | All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers | |
| CVE-2018-0732 | Hig | 7.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Jun 12, 2018 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client | |
| CVE-2018-7160 | Hig | 8.8 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | May 17, 2018 | The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the comp | |
| CVE-2018-7159 | Med | 5.3 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | May 17, 2018 | The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node. | |
| CVE-2018-7158 | Hig | 7.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | May 17, 2018 | The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitP | |
| CVE-2018-1000168 | Hig | 7.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | May 8, 2018 | nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability ap | |
| CVE-2017-18207 | Med | 6.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Mar 1, 2018 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca | |
| CVE-2017-17820 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | |
| CVE-2017-17819 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated. | |
| CVE-2017-17818 | Hig | 7.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. | |
| CVE-2017-17817 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. | |
| CVE-2017-17816 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. | |
| CVE-2017-17815 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. | |
| CVE-2017-17814 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. | |
| CVE-2017-17813 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. | |
| CVE-2017-17812 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. | |
| CVE-2017-17811 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. | |
| CVE-2017-17810 | Med | 5.5 | < 68.2.0-78.51.4 | 68.2.0-78.51.4 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. |
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that s
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in the
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the comp
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitP
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability ap
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
- affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
Page 14 of 16