Vulnerabilities > Suse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-10 | CVE-2016-7099 | Data Processing Errors vulnerability in multiple products The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.3 |
| 2016-10-10 | CVE-2016-5325 | HTTP Response Splitting vulnerability in multiple products CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | 4.3 |
| 2016-09-20 | CVE-2015-8934 | Out-of-bounds Read vulnerability in multiple products The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. | 4.3 |
| 2016-09-20 | CVE-2015-8933 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. | 4.3 |
| 2016-09-20 | CVE-2015-8932 | Improper Input Validation vulnerability in multiple products The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. | 4.3 |
| 2016-09-20 | CVE-2015-8931 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. | 6.8 |
| 2016-09-20 | CVE-2015-8930 | Improper Input Validation vulnerability in multiple products bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. | 5.0 |
| 2016-09-20 | CVE-2015-8929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. | 4.3 |
| 2016-09-20 | CVE-2015-8928 | Out-of-bounds Read vulnerability in multiple products The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | 4.3 |
| 2016-09-20 | CVE-2015-8926 | NULL Pointer Dereference vulnerability in multiple products The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. | 4.3 |