 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.18.2.2024.0730.1 |
| Category: | openSUSE Local Security Checks |
| Title: | openSUSE Security Advisory (SUSE-SU-2024:0730-1) |
| Summary: | The remote host is missing an update for the 'nodejs18' package(s) announced via the SUSE-SU-2024:0730-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'nodejs18' package(s) announced via the SUSE-SU-2024:0730-1 advisory. Vulnerability Insight: This update for nodejs18 fixes the following issues: Update to 18.19.1: (security updates) * CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992). * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993). * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997). * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014). * CVE-2024-24758: undici version 5.28.3 (bsc#1220017). * CVE-2024-24806: libuv version 1.48.0 (bsc#1219724). Update to LTS version 18.19.0 * deps: npm updates to 10.x * esm: + Leverage loaders when resolving subsequent loaders + import.meta.resolve unflagged + --experimental-default-type flag to flip module defaults Affected Software/OS: 'nodejs18' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-46809 Common Vulnerability Exposure (CVE) ID: CVE-2024-21892 https://hackerone.com/reports/2237545 http://www.openwall.com/lists/oss-security/2024/03/11/1 Common Vulnerability Exposure (CVE) ID: CVE-2024-22019 https://hackerone.com/reports/2233486 Common Vulnerability Exposure (CVE) ID: CVE-2024-22025 https://hackerone.com/reports/2284065 https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html Common Vulnerability Exposure (CVE) ID: CVE-2024-24758 https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3 Common Vulnerability Exposure (CVE) ID: CVE-2024-24806 https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629 https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70 https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488 https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html http://www.openwall.com/lists/oss-security/2024/02/08/2 http://www.openwall.com/lists/oss-security/2024/02/11/1 |
| Copyright | Copyright (C) 2025 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |