VYPR

rpm package

suse/MozillaFirefox&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Vulnerabilities (311)

  • CVE-2018-12115HigAug 21, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that s

  • CVE-2018-7167HigJun 13, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in the

  • CVE-2018-7161HigJun 13, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers

  • CVE-2018-0732HigJun 12, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client

  • CVE-2018-7160HigMay 17, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the comp

  • CVE-2018-7159MedMay 17, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.

  • CVE-2018-7158HigMay 17, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitP

  • CVE-2018-1000168HigMay 8, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability ap

  • CVE-2017-18207MedMar 1, 2018
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca

  • CVE-2017-17820MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.

  • CVE-2017-17819MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.

  • CVE-2017-17818HigDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

  • CVE-2017-17817MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17816MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17815MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

  • CVE-2017-17814MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17813MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.

  • CVE-2017-17812MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

  • CVE-2017-17811MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

  • CVE-2017-17810MedDec 21, 2017
    affected < 68.2.0-78.51.4fixed 68.2.0-78.51.4

    In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.