Vulnerability CVE-2019-16776

Vulnerability Name:

CVE-2019-16776 (CCN-173161)

Assigned:

2019-09-24

Published:

2019-09-24

Updated:

2022-08-02

Summary:

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

4.8 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N)
4.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-22
CWE-20

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2019-16776

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0059

Source: REDHAT
Type: Third Party Advisory
RHEA-2020:0330

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0573

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0579

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0597

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0602

Source: CCN
Type: npm Blog, December 11, 2019
Binary Planting with the npm CLI

Source: MISC
Type: Third Party Advisory
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Source: XF
Type: UNKNOWN
npm-cve201916776-sec-bypass(173161)

Source: CONFIRM
Type: Third Party Advisory
https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46

Source: FEDORA
Type: Third Party Advisory
FEDORA-2020-595ce5e3cc

Source: CCN
Type: IBM Security Bulletin 6475691 (VM Recovery Manager DR for Power Systems)
Vulnerability in npm affects IBM VM Recovery Manager

Source: CCN
Type: IBM Security Bulletin 6477092 (VM Recovery Manager DR for Power Systems)
Vulnerability in npm affects IBM VM Recovery Manager DR

Source: CCN
Type: IBM Security Bulletin 6575649 (Spectrum Discover)
Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)

Source: CCN
Type: IBM Security Bulletin 6988617 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in Node.js

Source: CCN
Type: npmjs Web site
npm | build amazing things

Source: CCN
Type: Oracle CPUJan2020
Oracle Critical Patch Update Advisory - January 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:npmjs:npm:*:*:*:*:*:*:*:* (Version < 6.13.3)

Configuration 2:

cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*

Configuration 4:

cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:npm:npm:6.13.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:51994	P	Security update for the Linux Kernel (Important) (in QA)	2023-02-09
oval:org.opensuse.security:def:51992	P	Security update for vim (Moderate)	2023-01-30
oval:org.opensuse.security:def:51989	P	Security update for xen (Important)	2023-01-26
oval:org.opensuse.security:def:51974	P	Security update for cni-plugins (Important)	2022-12-20
oval:org.opensuse.security:def:51958	P	Security update for grub2 (Important)	2022-11-21
oval:org.opensuse.security:def:51960	P	Security update for krb5 (Important)	2022-11-21
oval:org.opensuse.security:def:641	P	Security update for nodejs12 (Moderate) (in QA)	2022-09-30
oval:org.opensuse.security:def:201916776	V	CVE-2019-16776	2022-09-02
oval:org.opensuse.security:def:94261	P	(Important)	2022-07-14
oval:org.opensuse.security:def:94260	P	(Important)	2022-07-13
oval:org.opensuse.security:def:94259	P	(Important)	2022-07-12
oval:org.opensuse.security:def:4299	P	Security update for resource-agents (Moderate)	2022-07-08
oval:org.opensuse.security:def:4294	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:1690	P	Security update for libeconf, shadow and util-linux (Moderate)	2022-03-04
oval:org.opensuse.security:def:1691	P	Security update for mariadb (Important)	2022-03-04
oval:org.opensuse.security:def:1689	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:58109	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:51726	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:4174	P	Security update for fetchmail (Moderate)	2021-12-14
oval:org.opensuse.security:def:51711	P	Security update for glib-networking (Important)	2021-12-13
oval:org.opensuse.security:def:38664	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:4233	P	Security update for openexr (Moderate)	2021-12-01
oval:org.opensuse.security:def:51697	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:51695	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:4285	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:38258	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:69550	P	Security update for strongswan (Moderate)	2021-10-19
oval:org.opensuse.security:def:64593	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:38669	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:4159	P	Security update for webkit2gtk3 (Important)	2021-10-12
oval:org.opensuse.security:def:58017	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:66930	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:66928	P	Security update for grafana-piechart-panel (Moderate)	2021-09-21
oval:org.opensuse.security:def:66929	P	Security update for the Linux Kernel (Important)	2021-09-21
oval:org.opensuse.security:def:4218	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:4217	P	Security update for wireshark (Moderate)	2021-09-13
oval:org.opensuse.security:def:64763	P	Security update for openssl-1_1 (Low)	2021-09-07
oval:org.opensuse.security:def:69535	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:70285	P	Security update for dovecot23 (Moderate)	2021-08-31
oval:org.opensuse.security:def:70284	P	Security update for mariadb (Moderate)	2021-08-25
oval:org.opensuse.security:def:14370	P	res-signingkeys-3.0.25-48.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14183	P	lftp-4.7.4-1.13 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14276	P	libpolkit0-0.113-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14000	P	patch-2.7.5-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14026	P	rpm-32bit-4.11.2-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14384	P	squidGuard-1.4-29.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14301	P	libtirpc-netconfig-1.0.1-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14048	P	tomcat-8.0.36-11.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14116	P	cyrus-sasl-2.1.26-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14364	P	python-pywbem-0.7.0-4.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15044	P	libopus0-1.1-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14165	P	gzip-1.6-7.209 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15022	P	libldb1-1.5.4-1.28 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14375	P	rsyslog-8.24.0-1.20 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14290	P	libspice-client-glib-2_0-8-0.33-1.33 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14013	P	procmail-3.22-267.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14389	P	sysconfig-0.84.0-13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14315	P	libxml2-2-2.9.4-45.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14164	P	gvim-7.4.326-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14008	P	perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15049	P	libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14197	P	libXinerama1-1.1.3-3.54 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15027	P	libmicrohttpd10-0.9.30-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14030	P	ruby-2.1-1.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14295	P	libsystemd0-228-142.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14018	P	python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14098	P	bzip2-1.0.6-29.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14320	P	logrotate-3.11.0-1.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14345	P	perl-DBD-mysql-4.021-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14146	P	glib2-lang-2.48.2-10.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14356	P	procmail-3.22-267.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14178	P	kbd-1.15.5-8.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14021	P	qemu-2.6.1-27.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:59521	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:14369	P	radvd-1.9.7-2.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14202	P	libXt6-1.1.4-3.57 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14043	P	systemtap-3.0-7.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14111	P	cups-1.7.5-19.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14359	P	python-cupshelpers-1.5.7-7.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15029	P	libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14160	P	gtk2-data-2.24.31-7.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15007	P	libimobiledevice6-1.2.0-7.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:63416	P	nodejs12-12.21.0-4.13.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63386	P	yast2-rmt-1.3.2-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63425	P	lame-3.100-1.33 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63339	P	libfpm_pb0-1.1.1-2.29 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:4279	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:63056	P	hdf5-gnu-hpc-1.10.7-2.25 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63478	P	java-11-openjdk-javadoc-11.0.10.0-3.53.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2327	P	nodejs12-12.21.0-4.13.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101417	P	nodejs12-12.21.0-4.13.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62193	P	libpango-1_0-0-1.44.7+11-1.25 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100972	P	libsha1detectcoll-devel-1.0.3-2.18 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63046	P	xorg-x11-server-sdk-1.20.3-22.5.30.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100973	P	libsmi-0.4.8-1.29 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62735	P	conky-1.11.5-1.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100974	P	libsndfile-devel-1.0.28-5.5.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62836	P	wavpack-5.4.0-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:4145	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:59774	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:4205	P	Security update for caribou (Important)	2021-07-20
oval:org.opensuse.security:def:4204	P	Security update for MozillaFirefox (Important)	2021-07-19
oval:org.opensuse.security:def:4202	P	Security update for bluez (Moderate)	2021-07-12
oval:org.opensuse.security:def:38116	P	Security update for curl (Moderate)	2021-06-30
oval:org.opensuse.security:def:51917	P	Security update for cryptctl (Important)	2021-06-23
oval:org.opensuse.security:def:66838	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:66836	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:63528	P	argyllcms-1.9.2-2.27 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62843	P	binutils-devel-32bit-2.29.1-4.46 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62868	P	patch-2.7.6-3.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:4132	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:63542	P	imobiledevice-tools-1.2.0+git20170122.45fda81-1.44 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63562	P	xorg-x11-server-wayland-1.19.6-6.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62840	P	aaa_base-malloccheck-84.87+git20180409.04c9dae-1.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:51902	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:38121	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:60264	P	Security update for libX11 (Moderate)	2021-05-26
oval:org.opensuse.security:def:51888	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:73619	P	Security update for dtc (Low)	2021-05-13
oval:org.opensuse.security:def:74705	P	Security update for dtc (Low)	2021-05-13
oval:org.opensuse.security:def:73620	P	Security update for ipvsadm (Low)	2021-05-13
oval:org.opensuse.security:def:51886	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:64491	P	Security update for libxml2 (Moderate)	2021-05-05
oval:org.opensuse.security:def:4190	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:57909	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:38797	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:4119	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:69445	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:5013	P	Security update for cifs-utils (Moderate)	2021-04-13
oval:org.opensuse.security:def:4117	P	Security update for openexr (Moderate)	2021-04-07
oval:org.opensuse.security:def:4188	P	Security update for MozillaFirefox (Important)	2021-03-29
oval:org.opensuse.security:def:39507	P	Security update for tar (Low)	2021-03-29
oval:org.opensuse.security:def:51183	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:57179	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:52023	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:51168	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:64651	P	Security update for webkit2gtk3 (Important)	2021-02-22
oval:org.opensuse.security:def:52008	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:38772	P	Security update for cron (Low)	2021-02-16
oval:org.opensuse.security:def:51154	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:4176	P	Security update for MozillaFirefox (Low)	2021-02-10
oval:org.opensuse.security:def:4283	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:51152	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:4143	P	Security update for MozillaFirefox (Important)	2021-02-01
oval:org.opensuse.security:def:66837	P	Security update for clamav-database (Important)	2021-01-25
oval:org.opensuse.security:def:73621	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:38723	P	Security update for avahi (Moderate)	2021-01-18
oval:org.opensuse.security:def:4186	P	Security update for ImageMagick (Moderate)	2021-01-12
oval:org.opensuse.security:def:70286	P	Security update for dovecot23 (Important)	2021-01-05
oval:org.opensuse.security:def:57458	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:4960	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:4111	P	Security update for openssh (Moderate)	2020-12-09
oval:org.opensuse.security:def:4962	P	Security update for openssl-1_0_0 (Important)	2020-12-09
oval:org.opensuse.security:def:61748	P	ghostscript-9.52-3.27.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61919	P	libzypp-17.23.6-1.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2319	P	nodejs10-10.19.0-1.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63290	P	openslp-server-2.0.0-6.12.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117198	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4082	P	libxmltooling-devel-1.5.6-3.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63408	P	nodejs10-10.19.0-1.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107638	P	nodejs10-10.19.0-1.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4088	P	libzzip-0-13-0.13.67-10.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2320	P	nodejs12-12.18.0-2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4101	P	obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4096	P	nasm-2.10.09-4.5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63409	P	nodejs12-12.18.0-2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107639	P	nodejs12-12.18.0-2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117196	P	nodejs10-10.19.0-1.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61724	P	cups-filters-1.25.0-1.107 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63187	P	subversion-server-1.10.0-1.24 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4090	P	memcached-devel-1.4.39-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2321	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4103	P	obs-service-source_validator-0.7-9.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63410	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107640	P	nodejs8-8.17.0-8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117197	P	nodejs12-12.18.0-2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4080	P	libxerces-c-devel-3.1.1-12.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4104	P	ocaml-4.03.0-8.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62389	P	ImageMagick-7.0.7.34-1.6 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61725	P	curl-7.66.0-2.59 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62521	P	gdm-3.26.2.1-13.19.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4324	P	Security update for the Linux Kernel (Live Patch 16 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4331	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4984	P	Security update for nodejs8 (Important)	2020-12-02
oval:org.opensuse.security:def:4334	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4265	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4353	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4976	P	Security update for nodejs8 (Important)	2020-12-02
oval:org.opensuse.security:def:4339	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4346	P	Security update for the Linux Kernel (Live Patch 10 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4998	P	Security update for nodejs10 (Important)	2020-12-02
oval:org.opensuse.security:def:4349	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4308	P	Security update for the Linux Kernel (Live Patch 8 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4315	P	Security update for the Linux Kernel (Live Patch 6 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4991	P	Security update for nodejs10 (Important)	2020-12-02
oval:org.opensuse.security:def:4318	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4322	P	Security update for the Linux Kernel (Live Patch 8 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4310	P	Security update for the Linux Kernel (Live Patch 10 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4314	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4317	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4982	P	Security update for nodejs10 (Important)	2020-12-02
oval:org.opensuse.security:def:4320	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4263	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:4338	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15) (Important)	2020-12-02
oval:org.opensuse.security:def:56778	P	Security update for libmodplug (Moderate)	2020-12-01
oval:org.opensuse.security:def:51005	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:38419	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38650	P	libXtst6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58252	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:66214	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:38007	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38037	P	procmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38889	P	colord on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53359	P	Security update for graphviz (Moderate)	2020-12-01
oval:org.opensuse.security:def:50131	P	nodejs12 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51422	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:38709	P	libpcsclite1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39522	P	Security update for nodejs6 (Important)	2020-12-01
oval:org.opensuse.security:def:50629	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:51287	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:38777	P	pigz on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73501	P	glibc-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58326	P	Security update for nodejs6 (Important)	2020-12-01
oval:org.opensuse.security:def:50599	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:50651	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:52098	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:53429	P	Security update for nodejs10 (Important)	2020-12-01
oval:org.opensuse.security:def:63689	P	Security update for openssh (Important)	2020-12-01
oval:org.opensuse.security:def:51801	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38816	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50078	P	libspice-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39564	P	Security update for nodejs12 (Important)	2020-12-01
oval:org.opensuse.security:def:50785	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:38504	P	u-boot-rpi3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50598	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:63918	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:60564	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38844	P	empathy on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74838	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:59340	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:51020	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:51256	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:60942	P	Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper (Moderate)	2020-12-01
oval:org.opensuse.security:def:38020	P	pam_yubico on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50620	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:60682	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:52067	P	Test update for SUSE:SLE-15-SP2:Update (security) (Important)	2020-12-01
oval:org.opensuse.security:def:53374	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:50132	P	nodejs8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57352	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:51436	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:39527	P	Security update for python-Twisted (Moderate)	2020-12-01
oval:org.opensuse.security:def:56779	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:50754	P	Security update for libmspack (Low)	2020-12-01
oval:org.opensuse.security:def:38342	P	libotr5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38008	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73502	P	gradle on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70179	P	log4j12-javadoc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:61021	P	Security update for nodejs6 (Important)	2020-12-01
oval:org.opensuse.security:def:50613	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:56801	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50989	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:38400	P	libwsman1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58302	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:53444	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:38019	P	pam_ssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51815	P	Security update for libgxps (Moderate)	2020-12-01
oval:org.opensuse.security:def:38869	P	libreoffice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53343	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:39569	P	Security update for nodejs10 (Important)	2020-12-01
oval:org.opensuse.security:def:56941	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:38509	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50600	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:72888	P	Security update for nodejs10 (Important)	2020-12-01
oval:org.opensuse.security:def:51258	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:38758	P	openslp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:72770	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:38025	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50622	P	Security update for libu2f-host, pam_u2f (Moderate)	2020-12-01
oval:org.opensuse.security:def:38240	P	libHX28 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58183	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:52069	P	Security update for slurm (Important)	2020-12-01
oval:org.opensuse.security:def:66107	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:53413	P	Security update for nodejs10 (Important)	2020-12-01
oval:org.opensuse.security:def:59957	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:51451	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38728	P	libsqlite3-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50076	P	libsaml-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59341	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:50756	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38356	P	libpython2_7-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58221	P	Security update for procps (Important)	2020-12-01
oval:org.opensuse.security:def:38021	P	patch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60075	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:38825	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73503	P	graphviz-perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70180	P	nasm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50628	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:59363	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:50991	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:38414	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60992	P	Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm (Important)	2020-12-01
oval:org.opensuse.security:def:66199	P	Security update for nodejs10 (Important)	2020-12-01
oval:org.opensuse.security:def:38032	P	pigz on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64247	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51830	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:38884	P	typelib-1_0-EvinceDocument-3_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53345	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:50130	P	nodejs10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51420	P	Security update for gcc7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50614	P	Security update for netpbm (Moderate)	2020-12-01
oval:org.opensuse.security:def:64383	P	libsndfile-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60779	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:72903	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:51272	P	Security update for fwupd (Important)	2020-12-01
oval:org.opensuse.security:def:72785	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:69430	P	Security update for 389-ds (Important)	2020-12-01
oval:org.opensuse.security:def:50597	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:50636	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38253	P	libXfont1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64384	P	libsnmp30 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60863	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:52083	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:66122	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:53415	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:57624	P	Security update for net-snmp (Moderate)	2020-12-01
oval:org.opensuse.security:def:51799	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:38811	P	tcpdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50077	P	libshibsp-lite7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39549	P	Security update for nodejs6 (Important)	2020-12-01
oval:org.opensuse.security:def:50770	P	Security update for unbound (Important)	2020-12-01
oval:org.opensuse.security:def:38361	P	libquicktime0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38490	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60901	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:38026	P	perl-DBD-mysql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38839	P	bash-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70181	P	ncurses-devel-32bit on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20200579	P	RHSA-2020:0579: nodejs:10 security update (Important)	2020-02-25
oval:com.redhat.rhea:def:20200330	P	RHEA-2020:0330: nodejs:12 enhancement update (Low)	2020-02-04
oval:org.opensuse.security:def:84474	P	Security update for nodejs6 (Important)	2020-01-28
oval:org.opensuse.security:def:88333	P	Security update for nodejs6 (Important)	2020-01-28
oval:org.opensuse.security:def:80961	P	Security update for nodejs6 (Important)	2020-01-28
oval:org.opensuse.security:def:91803	P	Security update for nodejs10 (Important)	2020-01-15
oval:org.opensuse.security:def:110500	P	Security update for nodejs8 (Important)	2020-01-15
oval:org.opensuse.security:def:98753	P	Security update for nodejs10 (Important)	2020-01-15
oval:org.opensuse.security:def:105443	P	Security update for nodejs10 (Important)	2020-01-15
oval:org.opensuse.security:def:91818	P	Security update for nodejs8 (Important)	2020-01-08
oval:org.opensuse.security:def:98768	P	Security update for nodejs8 (Important)	2020-01-08
oval:org.opensuse.security:def:105458	P	Security update for nodejs8 (Important)	2020-01-08
oval:com.ubuntu.disco:def:2019167760000000	V	CVE-2019-16776 on Ubuntu 19.04 (disco) - medium.	2019-12-13
oval:com.ubuntu.bionic:def:2019167760000000	V	CVE-2019-16776 on Ubuntu 18.04 LTS (bionic) - medium.	2019-12-13
oval:com.ubuntu.xenial:def:2019167760000000	V	CVE-2019-16776 on Ubuntu 16.04 LTS (xenial) - medium.	2019-12-13

BACK