[Git][security-tracker-team/security-tracker][master] new nodejs issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Oct 22 14:49:11 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f7453f1 by Moritz Muehlenhoff at 2023-10-22T15:48:47+02:00
new nodejs issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-39333
+ - nodejs <unfixed>
+ [bullseye] - nodejs <not-affected> (Only affects 18.x and later)
+ [buster] - nodejs <not-affected> (Only affects 18.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
+ NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
CVE-2023-5388
- nss <unfixed>
NOTE: https://people.redhat.com/~hkario/marvin/
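Review bot: the commit NOTE on CVE-2023-39333 does not say which upstream release line the linked commit belongs to, although the [bullseye] and [buster] lines depend on a version boundary ("Only affects 18.x and later"). Annotating that NOTE with the branch or release it landed in would let the "- nodejs <unfixed>" line be turned into a fixed version later without re-reading upstream history. Separately, the advisory anchor labels this issue "low", and suites other than bullseye and buster have no line of their own, so they inherit <unfixed>. If no update is planned for them, an explicit suite line recording that decision would make the triage visible.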
@@ -708,9 +714,10 @@ CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is vulnerable
CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the NormalizationFilter does ...)
NOT-FOR-US: dotCMS
CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either strings o ...)
- TODO: check
+ - nodejs <not-affected> (Only affects 20.x)
+ NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#path-traversal-through-path-stored-in-uint8array-high---cve-2023-39332
CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was patched insu ...)
- - nodejs <not-affected> (CVE-2023-30584 not insuficiently patched)
+ - nodejs <not-affected> (CVE-2023-30584 not insufficiently patched)
CVE-2023-39280 (SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerabilit ...)
NOT-FOR-US: SonicOS
CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow vulnerability ...)
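Review bot: the new CVE-2023-39332 line is a package-wide "- nodejs <not-affected> (Only affects 20.x)" with no suite prefix, so it is only correct while no suite carries a 20.x nodejs and will not be revisited automatically once one does. Either say in the reason that 20.x is not yet in the archive, or add a NOTE to re-check on the first 20.x upload. On the CVE-2023-39331 line the spelling fix is fine, but "CVE-2023-30584 not insufficiently patched" still reads as a double negative. Stating directly what the packaged version contains would be clearer, and this entry is the only nodejs one in the hunk without a NOTE pointing at the upstream advisory.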
@@ -722,7 +729,11 @@ CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow vulnerab
CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
NOT-FOR-US: SonicOS
CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resource aga ...)
- TODO: check
+ - nodejs <unfixed>
+ [bullseye] - nodejs <not-affected> (Only affects 18.x and later)
+ [buster] - nodejs <not-affected> (Only affects 18.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
+ NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...)
TODO: check
CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...)
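Review bot: the [bullseye] and [buster] reasons on CVE-2023-38552 repeat "Only affects 18.x and later" verbatim from the CVE-2023-39333 entry and give a version range without its basis. The description concerns the policy feature's integrity check, so the reason should say whether the affected code is absent from the older releases or present but not vulnerable, because the two cases behave differently if the feature is ever backported. As with the other entry, the commit NOTE would also benefit from naming the upstream branch or release it was applied to.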
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7453f122cb924471cf40f575e36a52b2ec52a7