VYPR

rpm package

suse/MozillaFirefox-branding-SLED&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Vulnerabilities (151)

  • CVE-2017-15897LowDec 11, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such t

  • CVE-2017-15896CriDec 11, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentica

  • CVE-2017-3738MedDec 7, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believ

  • CVE-2017-3736MedNov 2, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are n

  • CVE-2017-14919HigOct 30, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.

  • CVE-2015-7384HigOct 10, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.

  • CVE-2017-14849HigSep 28, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

  • CVE-2017-14228MedSep 9, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.

  • CVE-2017-3735MedAug 28, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g

  • CVE-2017-11499HigJul 25, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building

  • CVE-2017-11111HigJul 8, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-1000381HigJul 7, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

  • CVE-2017-10686HigJun 29, 2017
    affected < 68-21.9.8fixed 68-21.9.8

    In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that cou

  • CVE-2016-7099MedOct 10, 2016
    affected < 68-21.9.8fixed 68-21.9.8

    The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted ce

  • CVE-2016-5325MedOct 10, 2016
    affected < 68-21.9.8fixed 68-21.9.8

    CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reaso

  • CVE-2016-7052HigSep 26, 2016
    affected < 68-21.9.8fixed 68-21.9.8

    crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

  • CVE-2016-6306MedSep 26, 2016
    affected < 68-21.9.8fixed 68-21.9.8

    The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

  • CVE-2016-6304HigSep 26, 2016
    affected < 68-21.9.8fixed 68-21.9.8

    Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

  • CVE-2016-5172MedSep 25, 2016
    affected < 68-21.9.8fixed 68-21.9.8

    The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

  • CVE-2016-2183HigSep 1, 2016
    affected < 68-21.9.8fixed 68-21.9.8

    The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-dura

Page 7 of 8