Vulnerability CVE-2016-2216 - CERT Civis.Net

Vulnerability Name:

CVE-2016-2216 (CCN-110529)

Assigned:

2016-02-09

Published:

2016-02-09

Updated:

2017-07-01

Summary:

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MISC
Type: UNKNOWN
http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/

Source: MITRE
Type: CNA
CVE-2016-2216

Source: MISC
Type: UNKNOWN
http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf

Source: FEDORA
Type: UNKNOWN
FEDORA-2016-3102c11757

Source: FEDORA
Type: UNKNOWN
FEDORA-2016-8925b6119f

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html

Source: CCN
Type: BugTraq Mailing List, Tue, 9 Feb 2016 20:27:31 +0200
Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216)

Source: CCN
Type: IBM Security Bulletin T1023905 (Business Process Manager)
Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor

Source: CCN
Type: IBM Security Bulletin N1021157 (i)
Vulnerabilities in Node.js affect IBM i

Source: CCN
Type: IBM Security Bulletin 1976356
Multiple vulnerabilities in current releases of IBM SDK for Node.js

Source: CCN
Type: IBM Security Bulletin 1977014
Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in IBM Rational Application Developer (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)

Source: CCN
Type: IBM Security Bulletin 1977146
Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)

Source: CCN
Type: IBM Security Bulletin 1977242 (SDK for Node.js for Bluemix)
Multiple vulnerabilities in current releases of IBM SDK for Node.js in IBM Bluemix (CVE-2015-3197, CVE-2016-2086, CVE-2016-2216)

Source: BID
Type: UNKNOWN
83141

Source: CCN
Type: BID-83141
Node.js CVE-2016-2216 HTTP Response Splitting Vulnerability

Source: XF
Type: UNKNOWN
nodejs-cve20162216-response-splitting(110529)

Source: CCN
Type: Node.js Web site
February 2016 Security Release Summary

Source: CONFIRM
Type: Patch, Vendor Advisory
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/

Source: CCN
Type: Packet Storm Security [02-11-2016]
Node.js HTTP Response Splitting

Source: GENTOO
Type: UNKNOWN
GLSA-201612-43

Source: CCN
Type: Apple security document HT207268
About the security content of Xcode 8.1

Vulnerable Configuration:

Configuration 1:

cpe:/a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.8:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.9:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.10:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.11:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.12:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.13:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.14:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.15:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.11.16:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:fedoraproject:fedora:22:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.6.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.7.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20162216	V	CVE-2016-2216	2022-09-02
oval:org.opensuse.security:def:94261	P	(Important)	2022-07-14
oval:org.opensuse.security:def:1682	P	Security update for apache2 (Important) (in QA)	2022-06-14
oval:org.opensuse.security:def:1673	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:1095	P	Security update for wavpack (Moderate)	2022-03-28
oval:org.opensuse.security:def:1691	P	Security update for mariadb (Important)	2022-03-04
oval:org.opensuse.security:def:32286	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:1086	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:33753	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:33060	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:30159	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:33742	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:33037	P	Security update for tomcat (Important)	2021-11-03
oval:org.opensuse.security:def:35273	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:29429	P	Security update for libqt5-qtbase (Important)	2021-09-30
oval:org.opensuse.security:def:66930	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:71349	P	mutt-1.10.1-3.3.4 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64762	P	Security update for apache2 (Important)	2021-09-03
oval:org.opensuse.security:def:29418	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:29417	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:30120	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:34514	P	Security update for qemu (Moderate)	2021-08-23
oval:org.opensuse.security:def:47743	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48308	P	spice-vdagent-0.16.0-8.5.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47631	P	grub2-2.02-11.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48169	P	libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47607	P	fetchmail-6.3.26-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47936	P	zypper-1.13.45-21.23.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47752	P	libopenjp2-7-2.1.0-4.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48317	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47608	P	file-5.22-10.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48068	P	libQt5WebKit5-5.6.2-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47616	P	gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47945	P	ant-1.9.4-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47622	P	glibc-2.22-15.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48160	P	libopenssl-1_0_0-devel-1.0.2p-3.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47617	P	gdm-3.10.0.1-54.6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48077	P	libXfont1-1.5.1-11.3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100974	P	libsndfile-devel-1.0.28-5.5.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:30222	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:68009	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (Important)	2021-07-14
oval:org.opensuse.security:def:66838	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:48733	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48677	P	java-1_7_0-openjdk-plugin-1.5.1-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48522	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48764	P	bash-lang-4.3-78.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48742	P	libqt4-sql-mysql-32bit-4.8.6-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48606	P	python-imaging-1.1.7-21.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48835	P	gegl-0_2-0.2.0-14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48531	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48773	P	gd-32bit-2.1.0-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48668	P	empathy-3.10.3-1.131 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48615	P	rpcbind-0.2.3-21.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48844	P	java-1_7_0-openjdk-plugin-1.6.2-2.8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:33657	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:34430	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:30071	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:33899	P	Security update for permissions (Important)	2021-04-29
oval:org.opensuse.security:def:31159	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:34418	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:34419	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:30178	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:32892	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:33104	P	Security update for tar (Low)	2021-03-29
oval:org.opensuse.security:def:64675	P	Security update for zstd (Moderate)	2021-03-24
oval:org.opensuse.security:def:28955	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:68109	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)	2021-03-17
oval:org.opensuse.security:def:32275	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34650	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:33781	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:30016	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:32998	P	Security update for python-urllib3 (Moderate)	2021-02-03
oval:org.opensuse.security:def:73621	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:70286	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:35952	P	libgnomesu-1.0.0-307.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71462	P	cracklib-2.9.6-9.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2312	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63410	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103744	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117198	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2321	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:90089	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107640	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63392	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35911	P	gstreamer-0_10-plugins-base-0.10.35-5.15.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2303	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63401	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:28265	P	Security update for mercurial (Important)	2020-12-01
oval:org.opensuse.security:def:28559	P	Security update for gtk2	2020-12-01
oval:org.opensuse.security:def:28906	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:29055	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:29633	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:30494	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:30860	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:50060	P	graphviz-tcl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32649	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31862	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:33428	P	Security update for clamav, clamav-db, clamav-debuginfo, clamav-debugsource	2020-12-01
oval:org.opensuse.security:def:34114	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:34271	P	Security update for puppet (Moderate)	2020-12-01
oval:org.opensuse.security:def:35055	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:35229	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:31900	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:28264	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:28276	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:28616	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:29720	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:50114	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30626	P	Security update for Xen and libvirt	2020-12-01
oval:org.opensuse.security:def:31015	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32363	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:32736	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50069	P	libfpm_pb0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33439	P	Security update for ethereal and wireshark	2020-12-01
oval:org.opensuse.security:def:33810	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:34163	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:34749	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:35114	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28343	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28700	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:28994	P	Security update for conntrack-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:34909	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:29777	P	Security update for GnuTLS	2020-12-01
oval:org.opensuse.security:def:73503	P	graphviz-perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30409	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30716	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31071	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50123	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32498	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29729	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:33521	P	Security update for strongswan	2020-12-01
oval:org.opensuse.security:def:34202	P	Security update for perl-Archive-Zip (Moderate)	2020-12-01
oval:org.opensuse.security:def:50078	P	libspice-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34806	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35163	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:34949	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:30408	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28474	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:28852	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29011	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:70181	P	ncurses-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29501	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29863	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:30420	P	Security update for xorg-x11-libXpm (Moderate)	2020-12-01
oval:org.opensuse.security:def:30773	P	Security update for automake	2020-12-01
oval:org.opensuse.security:def:31120	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:29693	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:32592	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50132	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33427	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:34056	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:34227	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30897	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:34896	P	Security update for cyrus-imapd (Low)	2020-12-01
oval:org.opensuse.security:def:35202	P	Security update for PostgreSQL 9.1	2020-12-01
oval:com.ubuntu.cosmic:def:201622160000000	V	CVE-2016-2216 on Ubuntu 18.10 (cosmic) - low.	2016-04-07
oval:com.ubuntu.artful:def:20162216000	V	CVE-2016-2216 on Ubuntu 17.10 (artful) - low.	2016-04-07
oval:com.ubuntu.trusty:def:20162216000	V	CVE-2016-2216 on Ubuntu 14.04 LTS (trusty) - low.	2016-04-07
oval:com.ubuntu.bionic:def:201622160000000	V	CVE-2016-2216 on Ubuntu 18.04 LTS (bionic) - low.	2016-04-07
oval:com.ubuntu.bionic:def:20162216000	V	CVE-2016-2216 on Ubuntu 18.04 LTS (bionic) - low.	2016-04-07
oval:com.ubuntu.xenial:def:20162216000	V	CVE-2016-2216 on Ubuntu 16.04 LTS (xenial) - low.	2016-04-07
oval:com.ubuntu.xenial:def:201622160000000	V	CVE-2016-2216 on Ubuntu 16.04 LTS (xenial) - low.	2016-04-07
oval:com.ubuntu.cosmic:def:20162216000	V	CVE-2016-2216 on Ubuntu 18.10 (cosmic) - low.	2016-04-07
oval:com.ubuntu.disco:def:201622160000000	V	CVE-2016-2216 on Ubuntu 19.04 (disco) - low.	2016-04-07
oval:com.ubuntu.precise:def:20162216000	V	CVE-2016-2216 on Ubuntu 12.04 LTS (precise) - low.	2016-04-07