Vulnerability CVE-2016-5325 - CERT Civis.Net

Vulnerability Name:

CVE-2016-5325 (CCN-117539)

Assigned:

2016-09-27

Published:

2016-09-27

Updated:

2018-01-05

Summary:

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-5325

Source: SUSE
Type: Third Party Advisory
SUSE-SU-2016:2470

Source: CCN
Type: RHSA-2016-2101
Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update

Source: CCN
Type: RHSA-2017-0002
Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update

Source: REDHAT
Type: UNKNOWN
RHSA-2017:0002

Source: CCN
Type: IBM Security Bulletin N1021765 (i)
Vulnerability CVE-2016-7099 and CVE-2016-5325 in Node.js affects IBM i

Source: CCN
Type: IBM Security Bulletin 1992427 (SDK for Node.js for Bluemix)
Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix

Source: CCN
Type: IBM Security Bulletin 1992681 (Rational Application Developer for WebSphere Software)
Multiple OpenSSL and Non-OpenSSL vulnerabilities in Node.js included in Rational Application Developer for WebSphere Software.

Source: CCN
Type: IBM Security Bulletin 1995758 (Business Process Manager Advanced)
Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Source: CCN
Type: IBM Security Bulletin 1999445 (API Connect)
Multiple vulnerabilities in Node.js affects IBM API Connect (CVE-2016-7099, CVE-2016-5325)

Source: BID
Type: UNKNOWN
93483

Source: CCN
Type: BID-93483
Node.js CVE-2016-5325 CRLF Injection Vulnerability

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2101

Source: CCN
Type: Red Hat Bugzilla Bug 1346910
(CVE-2016-5325) CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not properly validated

Source: XF
Type: UNKNOWN
nodejs-cve20165325-response-splitting(117539)

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/nodejs/node/commit/c0f13e56a20f9bde5a67d873a7f9564487160762

Source: CCN
Type: Node.js Blog, 2016-09-23
Security updates for all active release lines, September 2016

Source: CONFIRM
Type: Patch, Vendor Advisory
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

Source: GENTOO
Type: UNKNOWN
GLSA-201612-43

Source: CCN
Type: IBM Security Bulletin 1985392 (SDK for Node.js)
Multiple vulnerabilities may affect IBM SDK for Node.js

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-5325

Vulnerable Configuration:

Configuration 1:

cpe:/a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.5.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.42:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.43:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.44:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.45:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.46:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.10:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.11:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.12:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.13:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.14:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.15:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.3.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.5.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.6.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:*

AND

cpe:/a:ibm:rational_application_developer:9.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.0.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1:*:*:*:websphere:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:sdk:*:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:sdk:*:*:node.js:*:bluemix:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5.0.1:*:*:*:websphere:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1.2:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5.0.2:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:api_connect:5.0.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20165325	V	CVE-2016-5325	2022-09-02
oval:org.opensuse.security:def:94261	P	(Important)	2022-07-14
oval:org.opensuse.security:def:1682	P	Security update for apache2 (Important) (in QA)	2022-06-14
oval:org.opensuse.security:def:1673	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:1095	P	Security update for wavpack (Moderate)	2022-03-28
oval:org.opensuse.security:def:1691	P	Security update for mariadb (Important)	2022-03-04
oval:org.opensuse.security:def:113040	P	nodejs4-4.7.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:32286	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:1086	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:33753	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:33060	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:30159	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:33742	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:38663	P	Security update for MozillaFirefox (Important)	2021-11-09
oval:org.opensuse.security:def:33037	P	Security update for tomcat (Important)	2021-11-03
oval:org.opensuse.security:def:35273	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:106480	P	nodejs4-4.7.0-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:29429	P	Security update for libqt5-qtbase (Important)	2021-09-30
oval:org.opensuse.security:def:66930	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:71349	P	mutt-1.10.1-3.3.4 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64762	P	Security update for apache2 (Important)	2021-09-03
oval:org.opensuse.security:def:29418	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:29417	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:30120	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:34514	P	Security update for qemu (Moderate)	2021-08-23
oval:org.opensuse.security:def:48169	P	libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13913	P	libjansson4-2.7-1.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47936	P	zypper-1.13.45-21.23.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14250	P	libldb1-1.1.29-1.13 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47607	P	fetchmail-6.3.26-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14088	P	at-3.1.14-7.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13905	P	libgssglue1-0.4-3.76 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48077	P	libXfont1-1.5.1-11.3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47743	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14069	P	xscreensaver-5.22-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47945	P	ant-1.9.4-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47616	P	gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14934	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47622	P	glibc-2.22-15.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14051	P	update-alternatives-1.18.4-14.216 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48308	P	spice-vdagent-0.16.0-8.5.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47752	P	libopenjp2-7-2.1.0-4.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47608	P	file-5.22-10.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14003	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48160	P	libopenssl-1_0_0-devel-1.0.2p-3.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14274	P	libpng15-15-1.5.22-9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47631	P	grub2-2.02-11.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14206	P	libXvnc1-1.6.0-18.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48317	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14912	P	gstreamer-plugins-bad-1.8.3-17.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13935	P	libnm-glib-vpn1-1.0.12-8.6 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48068	P	libQt5WebKit5-5.6.2-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14261	P	libneon27-0.30.0-3.64 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47617	P	gdm-3.10.0.1-54.6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14181	P	krb5-1.12.5-39.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100974	P	libsndfile-devel-1.0.28-5.5.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:30222	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:68009	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (Important)	2021-07-14
oval:org.opensuse.security:def:66838	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:48677	P	java-1_7_0-openjdk-plugin-1.5.1-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48835	P	gegl-0_2-0.2.0-14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48606	P	python-imaging-1.1.7-21.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48764	P	bash-lang-4.3-78.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48522	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48844	P	java-1_7_0-openjdk-plugin-1.6.2-2.8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48615	P	rpcbind-0.2.3-21.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48733	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48773	P	gd-32bit-2.1.0-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48531	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48668	P	empathy-3.10.3-1.131 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48742	P	libqt4-sql-mysql-32bit-4.8.6-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33657	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:34430	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:30071	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:33899	P	Security update for permissions (Important)	2021-04-29
oval:org.opensuse.security:def:34419	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:34418	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:31159	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:30178	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:32892	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:33104	P	Security update for tar (Low)	2021-03-29
oval:org.opensuse.security:def:64675	P	Security update for zstd (Moderate)	2021-03-24
oval:org.opensuse.security:def:68109	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)	2021-03-17
oval:org.opensuse.security:def:32275	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:28955	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34650	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:33781	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:30016	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:32998	P	Security update for python-urllib3 (Moderate)	2021-02-03
oval:org.opensuse.security:def:73621	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:70286	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:71462	P	cracklib-2.9.6-9.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63401	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2312	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35952	P	libgnomesu-1.0.0-307.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63410	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103744	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117198	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35911	P	gstreamer-0_10-plugins-base-0.10.35-5.15.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2321	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:90089	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107640	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63392	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2303	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32498	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34896	P	Security update for cyrus-imapd (Low)	2020-12-01
oval:org.opensuse.security:def:73503	P	graphviz-perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38008	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34949	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:28343	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30773	P	Security update for automake	2020-12-01
oval:org.opensuse.security:def:38730	P	libssh2-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38555	P	binutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29011	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:50060	P	graphviz-tcl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28852	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29633	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:35163	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:50123	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32363	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:34806	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31900	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:37924	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28276	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:30716	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38702	P	libmysqlclient18 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34909	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:30409	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38395	P	libvorbis-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28994	P	Security update for conntrack-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:29693	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:33427	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:28700	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:31120	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:34271	P	Security update for puppet (Moderate)	2020-12-01
oval:org.opensuse.security:def:28264	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:29501	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:34114	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:34749	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50069	P	libfpm_pb0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37913	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30626	P	Security update for Xen and libvirt	2020-12-01
oval:org.opensuse.security:def:32736	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50132	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33521	P	Security update for strongswan	2020-12-01
oval:org.opensuse.security:def:38305	P	libjansson4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28616	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:31071	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:34227	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34056	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:31862	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29863	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:39454	P	Security update for nodejs4 (Important)	2020-12-01
oval:org.opensuse.security:def:30494	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:32649	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35114	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29729	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:33439	P	Security update for ethereal and wireshark	2020-12-01
oval:org.opensuse.security:def:38247	P	libX11-6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50078	P	libspice-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28559	P	Security update for gtk2	2020-12-01
oval:org.opensuse.security:def:31015	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34202	P	Security update for perl-Archive-Zip (Moderate)	2020-12-01
oval:org.opensuse.security:def:28265	P	Security update for mercurial (Important)	2020-12-01
oval:org.opensuse.security:def:29777	P	Security update for GnuTLS	2020-12-01
oval:org.opensuse.security:def:35229	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:70181	P	ncurses-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30420	P	Security update for xorg-x11-libXpm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32592	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35055	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:39412	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:33428	P	Security update for clamav, clamav-db, clamav-debuginfo, clamav-debugsource	2020-12-01
oval:org.opensuse.security:def:38145	P	ceph-common on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37912	P	liblouis-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28474	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:30860	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:34163	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:38774	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50114	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30408	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33810	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:38614	P	gtk2-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29055	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:30897	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:28906	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:29720	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:35202	P	Security update for PostgreSQL 9.1	2020-12-01
oval:com.ubuntu.xenial:def:201653250000000	V	CVE-2016-5325 on Ubuntu 16.04 LTS (xenial) - medium.	2016-10-10
oval:com.ubuntu.artful:def:20165325000	V	CVE-2016-5325 on Ubuntu 17.10 (artful) - medium.	2016-10-10
oval:com.ubuntu.xenial:def:20165325000	V	CVE-2016-5325 on Ubuntu 16.04 LTS (xenial) - medium.	2016-10-10
oval:com.ubuntu.bionic:def:20165325000	V	CVE-2016-5325 on Ubuntu 18.04 LTS (bionic) - medium.	2016-10-10
oval:com.ubuntu.precise:def:20165325000	V	CVE-2016-5325 on Ubuntu 12.04 LTS (precise) - medium.	2016-10-10
oval:com.ubuntu.bionic:def:201653250000000	V	CVE-2016-5325 on Ubuntu 18.04 LTS (bionic) - medium.	2016-10-10
oval:com.ubuntu.trusty:def:20165325000	V	CVE-2016-5325 on Ubuntu 14.04 LTS (trusty) - medium.	2016-10-10