author | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-16 07:07:36 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-16 07:07:36 +0200 |
commit | 8b7183f32a33513f1901dd2573065f54f2fcc2f6 (patch) | |
tree | 13e7708770b5e93cb105ff49c223673577935445 /data | |
parent | 590155531d32293c7b17131facd63791a8c95b06 (diff) |
Track new nodejs issues from september security release
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2020.list | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index ec125a6241..6fb622a397 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -38389,10 +38389,14 @@ CVE-2020-8254 RESERVED CVE-2020-8253 RESERVED -CVE-2020-8252 +CVE-2020-8252 [fs.realpath.native on may cause buffer overflow] RESERVED -CVE-2020-8251 + - nodejs <unfixed> + NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 +CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests] RESERVED + - nodejs <not-affected> (Only affects 14.x series) + NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 CVE-2020-8250 RESERVED CVE-2020-8249 @@ -38510,8 +38514,10 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash & NOTE: https://hackerone.com/reports/712065 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...) NOT-FOR-US: Nextcloud Preferred Providers app -CVE-2020-8201 +CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion] RESERVED + - nodejs <unfixed> + NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201 CVE-2020-8200 RESERVED CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...) |
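Review bot: In the first hunk, the bracketed description added for CVE-2020-8252, "fs.realpath.native on may cause buffer overflow", reads as if a word is missing after "on". It mirrors the anchor text in the NOTE URL, but a reader of the list cannot tell which condition triggers the overflow. Consider a self-explanatory description such as "buffer overflow in fs.realpath.native" and leave the exact upstream wording to the linked advisory. In the same hunk the CVE-2020-8251 description carries "CWE-400" inline, which the other two new descriptions do not; dropping it would keep the bracketed titles consistent.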
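Review bot: In the second hunk, CVE-2020-8201 is recorded as "- nodejs <unfixed>" with only the advisory link, so the entry gives no indication of which upstream series are affected or where the fix lands. The CVE-2020-8251 entry in this same patch records its scope in a parenthetical, "(Only affects 14.x series)". A matching NOTE line here, naming the affected series or the fixed upstream version once known, would let per-release triage proceed without re-reading the advisory. The same applies to the CVE-2020-8252 entry in the first hunk.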