English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.18.2.2024.0643.1
Kategorie:openSUSE Local Security Checks
Titel:openSUSE Security Advisory (SUSE-SU-2024:0643-1)
Zusammenfassung:The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:0643-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:0643-1 advisory.

Vulnerability Insight:
This update for nodejs20 fixes the following issues:

Update to 20.11.1: (security updates)

* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2024-21896: Path traversal by monkey-patching Buffer internals (bsc#1219994).j
* CVE-2024-22017: setuid() does not drop all privileges due to io_uring (bsc#1219995).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization (bsc#1219998).
* CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (bsc#1219999).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).
* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).

Update to 20.11.0:

* esm: add import.meta.dirname and import.meta.filename
* fs: add c++ fast path for writeFileSync utf8
* module: remove useCustomLoadersIfPresent flag
* module: bootstrap module loaders in shadow realm
* src: add --disable-warning option
* src: create per isolate proxy env template
* src: make process binding data weak
* stream: use Array for Readable buffer
* stream: optimize creation
* test_runner: adds built in lcov reporter
* test_runner: add Date to the supported mock APIs
* test_runner, cli: add --test-timeout flag

Update to 20.10.0:

* --experimental-default-type flag to flip module defaults
* The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected.
* Added flush option in file system functions for fs.writeFile functions
* Added experimental WebSocket client
* vm: fix V8 compilation cache support for vm.Script. This fixes performance regression since v16.x when support for importModuleDynamically was added to vm.Script

Affected Software/OS:
'nodejs20' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-46809
Common Vulnerability Exposure (CVE) ID: CVE-2024-21890
https://hackerone.com/reports/2257156
http://www.openwall.com/lists/oss-security/2024/03/11/1
Common Vulnerability Exposure (CVE) ID: CVE-2024-21891
https://hackerone.com/reports/2259914
Common Vulnerability Exposure (CVE) ID: CVE-2024-21892
https://hackerone.com/reports/2237545
Common Vulnerability Exposure (CVE) ID: CVE-2024-21896
https://hackerone.com/reports/2218653
Common Vulnerability Exposure (CVE) ID: CVE-2024-22017
https://hackerone.com/reports/2170226
Common Vulnerability Exposure (CVE) ID: CVE-2024-22019
https://hackerone.com/reports/2233486
Common Vulnerability Exposure (CVE) ID: CVE-2024-22025
https://hackerone.com/reports/2284065
https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-24758
https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
Common Vulnerability Exposure (CVE) ID: CVE-2024-24806
https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629
https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70
https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488
https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39
https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html
http://www.openwall.com/lists/oss-security/2024/02/08/2
http://www.openwall.com/lists/oss-security/2024/02/11/1
CopyrightCopyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.