rpm package
suse/nodejs10&distro=SUSE Linux Enterprise Module for Web and Scripting 12
pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9511 | — | < 10.16.3-1.12.1 | 10.16.3-1.12.1 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and | ||
| CVE-2019-9514 | — | < 10.16.3-1.12.1 | 10.16.3-1.12.1 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer | ||
| CVE-2019-13173 | — | < 10.16.0-1.9.1 | 10.16.0-1.9.1 | Jul 2, 2019 | fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirW | ||
| CVE-2019-5737 | — | < 10.15.2-1.6.1 | 10.15.2-1.6.1 | Mar 28, 2019 | In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection an |
- CVE-2019-9511Aug 13, 2019affected < 10.16.3-1.12.1fixed 10.16.3-1.12.1
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and
- CVE-2019-9514Aug 13, 2019affected < 10.16.3-1.12.1fixed 10.16.3-1.12.1
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer
- CVE-2019-13173Jul 2, 2019affected < 10.16.0-1.9.1fixed 10.16.0-1.9.1
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirW
- CVE-2019-5737Mar 28, 2019affected < 10.15.2-1.6.1fixed 10.15.2-1.6.1
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection an
Page 3 of 3