| | | |
|---|---|---|
| author | Moritz Muehlenhoff <jmm@debian.org> | 2024-02-15 21:14:39 +0100 |
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2024-02-15 21:17:32 +0100 |
| commit | 46abf731560677b5e5426886d3cc248d609de9ac | |
| tree | ef4919a7a2b68e7324bf7ddd17902c1d540372c6 | |
| parent | bb2a4de69b14481503a87c000be76a650b294e76 | |

new nodejs issues

-rw-r--r-- | data/CVE/list | 25 |
-rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 27 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 7fa63d6680..692476fc03 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,28 @@ +CVE-2024-21890 + [experimental] - nodejs <unfixed> + - nodejs <not-affected> (Only affects 20.x and later) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#improper-handling-of-wildcards-in---allow-fs-read-and---allow-fs-write-cve-2024-21890---medium +CVE-2024-21891 + [experimental] - nodejs <unfixed> + - nodejs <not-affected> (Only affects 20.x and later) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium +CVE-2023-46809 + - nodejs <unfixed> + NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium +CVE-2024-22017 + [experimental] - nodejs <unfixed> + - nodejs <not-affected> (Only affects 20.x and later) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#setuid-does-not-drop-all-privileges-due-to-io_uring-cve-2024-22017---high +CVE-2024-21896 + [experimental] - nodejs <unfixed> + - nodejs <not-affected> (Only affects 20.x and later) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high +CVE-2024-22019 + - nodejs <unfixed> + NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high +CVE-2024-21892 + - nodejs <unfixed> + NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote ...) 
TODO: check CVE-2024-25373 (Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow ...) diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index e8d9bac11f..1b1c6528ed 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -42,6 +42,8 @@ linux (carnil) nbconvert/oldstable Guilhem Moulin proposed an update ready for review -- +nodejs +-- opennds/stable -- openvswitch |
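
Review bot: The three entries in data/CVE/list that mark nodejs as <unfixed> without any suite qualifier (CVE-2023-46809, CVE-2024-22019, CVE-2024-21892) carry only the upstream blog link as their NOTE, so there is nothing here to backport from or to verify a fixed upload against. Suggest adding a further NOTE line to each of them with the upstream fixing commit once it is identified. The four entries marked <not-affected> with "Only affects 20.x and later" would likewise be easier to re-check later if a NOTE named the feature or code path that is absent from the older branch.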
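
Review bot: The new "nodejs" entry in data/dsa-needed.txt has no suite qualifier and no free-text line, unlike the neighbouring "nbconvert/oldstable" and "opennds/stable" entries, so a reader cannot tell from this file which issues the update is meant to cover. Suggest adding a short line under it naming the CVEs left <unfixed> for the unqualified nodejs entry in the first hunk (CVE-2023-46809, CVE-2024-22019, CVE-2024-21892), and a suite suffix if only one release needs the DSA. The commit subject "new nodejs issues" also does not mention the dsa-needed.txt change; a second clause in the message would make it easier to find in the log.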