VYPR

rpm package

suse/nodejs10&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP1

pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP1

Vulnerabilities (24)

  • CVE-2019-9513HigAug 13, 2019
    affected < 10.16.3-1.12.1fixed 10.16.3-1.12.1

    Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consu

  • CVE-2019-9512HigAug 13, 2019
    affected < 10.16.3-1.12.1fixed 10.16.3-1.12.1

    Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consum

  • CVE-2019-9511HigAug 13, 2019
    affected < 10.16.3-1.12.1fixed 10.16.3-1.12.1

    Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and

  • CVE-2019-13173HigJul 2, 2019
    affected < 10.16.0-1.9.1fixed 10.16.0-1.9.1

    fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirW

Page 2 of 2