Vulnerability CVE-2016-7099 - CERT Civis.Net

Vulnerability Name:

CVE-2016-7099 (CCN-117538)

Assigned:

2016-09-27

Published:

2016-09-27

Updated:

2018-01-05

Summary:

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2016-7099

Source: SUSE
Type: Third Party Advisory
SUSE-SU-2016:2470

Source: CCN
Type: RHSA-2017-0002
Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update

Source: REDHAT
Type: UNKNOWN
RHSA-2017:0002

Source: CCN
Type: IBM Security Bulletin N1021765 (i)
Vulnerability CVE-2016-7099 and CVE-2016-5325 in Node.js affects IBM i

Source: CCN
Type: IBM Security Bulletin 1992427 (SDK for Node.js for Bluemix)
Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix

Source: CCN
Type: IBM Security Bulletin 1992681 (Rational Application Developer for WebSphere Software)
Multiple OpenSSL and Non-OpenSSL vulnerabilities in Node.js included in Rational Application Developer for WebSphere Software.

Source: CCN
Type: IBM Security Bulletin 1995758 (Business Process Manager Advanced)
Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Source: CCN
Type: IBM Security Bulletin 1999445 (API Connect)
Multiple vulnerabilities in Node.js affects IBM API Connect (CVE-2016-7099, CVE-2016-5325)

Source: BID
Type: Third Party Advisory, VDB Entry
93191

Source: CCN
Type: BID-93191
Node.js CVE-2016-7099 Security Bypass Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 1379921
(CVE-2016-7099) CVE-2016-7099 nodejs: wildcard certificates not properly validated

Source: XF
Type: UNKNOWN
nodejs-cve20167099-sec-bypass(117538)

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/nodejs/node/commit/743f0c916469f3129dfae406fa104dc46782e20b

Source: CCN
Type: Node.js Blog, 2016-09-23
Security updates for all active release lines, September 2016

Source: CONFIRM
Type: Patch, Vendor Advisory
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

Source: CCN
Type: IBM Security Bulletin 1985392 (SDK for Node.js)
Multiple vulnerabilities may affect IBM SDK for Node.js

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-7099

Vulnerable Configuration:

Configuration 1:

cpe:/a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.42:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.43:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.44:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.45:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.10.46:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.2.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.3.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.5.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:6.6.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.10:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.11:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.12:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.13:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.14:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:0.12.15:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.2:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.3:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.4:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.5:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.6:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.4.7:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:4.5.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:*

AND

cpe:/a:ibm:rational_application_developer:9.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.0.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1:*:*:*:websphere:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:sdk:*:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:sdk:*:*:node.js:*:bluemix:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5.0.1:*:*:*:websphere:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1.2:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.5.0.2:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:api_connect:5.0.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20167099	V	CVE-2016-7099	2022-09-02
oval:org.opensuse.security:def:94261	P	(Important)	2022-07-14
oval:org.opensuse.security:def:1682	P	Security update for apache2 (Important) (in QA)	2022-06-14
oval:org.opensuse.security:def:1673	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:1095	P	Security update for wavpack (Moderate)	2022-03-28
oval:org.opensuse.security:def:1691	P	Security update for mariadb (Important)	2022-03-04
oval:org.opensuse.security:def:113040	P	nodejs4-4.7.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:32286	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:1086	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:33060	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:33753	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:30159	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:33742	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:38663	P	Security update for MozillaFirefox (Important)	2021-11-09
oval:org.opensuse.security:def:33037	P	Security update for tomcat (Important)	2021-11-03
oval:org.opensuse.security:def:35273	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:106480	P	nodejs4-4.7.0-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:29429	P	Security update for libqt5-qtbase (Important)	2021-09-30
oval:org.opensuse.security:def:66930	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:71349	P	mutt-1.10.1-3.3.4 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64762	P	Security update for apache2 (Important)	2021-09-03
oval:org.opensuse.security:def:29417	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:29418	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:30120	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:34514	P	Security update for qemu (Moderate)	2021-08-23
oval:org.opensuse.security:def:47607	P	fetchmail-6.3.26-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14088	P	at-3.1.14-7.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13905	P	libgssglue1-0.4-3.76 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48077	P	libXfont1-1.5.1-11.3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47743	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14069	P	xscreensaver-5.22-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47945	P	ant-1.9.4-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47616	P	gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14934	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47622	P	glibc-2.22-15.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14051	P	update-alternatives-1.18.4-14.216 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48308	P	spice-vdagent-0.16.0-8.5.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47752	P	libopenjp2-7-2.1.0-4.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47608	P	file-5.22-10.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14003	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48160	P	libopenssl-1_0_0-devel-1.0.2p-3.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14274	P	libpng15-15-1.5.22-9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47631	P	grub2-2.02-11.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14206	P	libXvnc1-1.6.0-18.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48317	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14912	P	gstreamer-plugins-bad-1.8.3-17.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13935	P	libnm-glib-vpn1-1.0.12-8.6 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48068	P	libQt5WebKit5-5.6.2-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14261	P	libneon27-0.30.0-3.64 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47617	P	gdm-3.10.0.1-54.6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14181	P	krb5-1.12.5-39.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48169	P	libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13913	P	libjansson4-2.7-1.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47936	P	zypper-1.13.45-21.23.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14250	P	libldb1-1.1.29-1.13 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100974	P	libsndfile-devel-1.0.28-5.5.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:30222	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:68009	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (Important)	2021-07-14
oval:org.opensuse.security:def:66838	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:32949	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:48835	P	gegl-0_2-0.2.0-14.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48606	P	python-imaging-1.1.7-21.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48764	P	bash-lang-4.3-78.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48522	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48844	P	java-1_7_0-openjdk-plugin-1.6.2-2.8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48615	P	rpcbind-0.2.3-21.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48733	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48773	P	gd-32bit-2.1.0-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48531	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48668	P	empathy-3.10.3-1.131 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48742	P	libqt4-sql-mysql-32bit-4.8.6-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48677	P	java-1_7_0-openjdk-plugin-1.5.1-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33657	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:34430	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:30071	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:33899	P	Security update for permissions (Important)	2021-04-29
oval:org.opensuse.security:def:34418	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:31159	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:34419	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:30178	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:32892	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:33104	P	Security update for tar (Low)	2021-03-29
oval:org.opensuse.security:def:64675	P	Security update for zstd (Moderate)	2021-03-24
oval:org.opensuse.security:def:68109	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)	2021-03-17
oval:org.opensuse.security:def:32275	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:28955	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34650	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:33781	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:30016	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:32998	P	Security update for python-urllib3 (Moderate)	2021-02-03
oval:org.opensuse.security:def:73621	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:70286	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:2312	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35952	P	libgnomesu-1.0.0-307.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63410	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103744	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117198	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35911	P	gstreamer-0_10-plugins-base-0.10.35-5.15.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2321	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:90089	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107640	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63392	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2303	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71462	P	cracklib-2.9.6-9.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63401	P	nodejs8-8.15.1-3.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:29633	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:35163	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:50123	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32363	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:34806	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31900	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:37924	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28276	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:30716	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38702	P	libmysqlclient18 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34909	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:30409	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38395	P	libvorbis-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28994	P	Security update for conntrack-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:29693	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:33427	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:28700	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:31120	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:34271	P	Security update for puppet (Moderate)	2020-12-01
oval:org.opensuse.security:def:28264	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:29501	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:34114	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:34749	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:50069	P	libfpm_pb0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37913	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30626	P	Security update for Xen and libvirt	2020-12-01
oval:org.opensuse.security:def:32736	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50132	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33521	P	Security update for strongswan	2020-12-01
oval:org.opensuse.security:def:38305	P	libjansson4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28616	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:31071	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:34227	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34056	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:31862	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29863	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:39454	P	Security update for nodejs4 (Important)	2020-12-01
oval:org.opensuse.security:def:30494	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:32649	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35114	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29729	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:33439	P	Security update for ethereal and wireshark	2020-12-01
oval:org.opensuse.security:def:38247	P	libX11-6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50078	P	libspice-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28559	P	Security update for gtk2	2020-12-01
oval:org.opensuse.security:def:31015	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34202	P	Security update for perl-Archive-Zip (Moderate)	2020-12-01
oval:org.opensuse.security:def:28265	P	Security update for mercurial (Important)	2020-12-01
oval:org.opensuse.security:def:29777	P	Security update for GnuTLS	2020-12-01
oval:org.opensuse.security:def:35229	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:70181	P	ncurses-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30420	P	Security update for xorg-x11-libXpm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32592	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35055	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:39412	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:33428	P	Security update for clamav, clamav-db, clamav-debuginfo, clamav-debugsource	2020-12-01
oval:org.opensuse.security:def:38145	P	ceph-common on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37912	P	liblouis-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28474	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:30860	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:34163	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:38774	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50114	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30408	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33810	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:38614	P	gtk2-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29055	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:30897	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:28906	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:29720	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:35202	P	Security update for PostgreSQL 9.1	2020-12-01
oval:org.opensuse.security:def:32498	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34896	P	Security update for cyrus-imapd (Low)	2020-12-01
oval:org.opensuse.security:def:73503	P	graphviz-perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38008	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34949	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:28343	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30773	P	Security update for automake	2020-12-01
oval:org.opensuse.security:def:38730	P	libssh2-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38555	P	binutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29011	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:50060	P	graphviz-tcl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28852	P	Security update for xen (Important)	2020-12-01
oval:com.ubuntu.cosmic:def:201670990000000	V	CVE-2016-7099 on Ubuntu 18.10 (cosmic) - medium.	2016-10-10
oval:com.ubuntu.artful:def:20167099000	V	CVE-2016-7099 on Ubuntu 17.10 (artful) - medium.	2016-10-10
oval:com.ubuntu.trusty:def:20167099000	V	CVE-2016-7099 on Ubuntu 14.04 LTS (trusty) - medium.	2016-10-10
oval:com.ubuntu.bionic:def:201670990000000	V	CVE-2016-7099 on Ubuntu 18.04 LTS (bionic) - medium.	2016-10-10
oval:com.ubuntu.bionic:def:20167099000	V	CVE-2016-7099 on Ubuntu 18.04 LTS (bionic) - medium.	2016-10-10
oval:com.ubuntu.xenial:def:20167099000	V	CVE-2016-7099 on Ubuntu 16.04 LTS (xenial) - medium.	2016-10-10
oval:com.ubuntu.xenial:def:201670990000000	V	CVE-2016-7099 on Ubuntu 16.04 LTS (xenial) - medium.	2016-10-10
oval:com.ubuntu.cosmic:def:20167099000	V	CVE-2016-7099 on Ubuntu 18.10 (cosmic) - medium.	2016-10-10
oval:com.ubuntu.disco:def:201670990000000	V	CVE-2016-7099 on Ubuntu 19.04 (disco) - medium.	2016-10-10
oval:com.ubuntu.precise:def:20167099000	V	CVE-2016-7099 on Ubuntu 12.04 LTS (precise) - medium.	2016-10-10