openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:2574-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.2.2024.2574.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:2574-1)

Resumen: The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:2574-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:2574-1 advisory.

Vulnerability Insight:
This update for nodejs20 fixes the following issues:

Update to 20.15.1:

- CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560)
- CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554)
- CVE-2024-22018: Fixed fs.lstat bypasses permission model (bsc#1227562)
- CVE-2024-36137: Fixed fs.fchown/fchmod bypasses permission model (bsc#1227561)
- CVE-2024-37372: Fixed Permission model improperly processes UNC paths (bsc#1227563)

Changes in 20.15.0:

- test_runner: support test plans
- inspector: introduce the --inspect-wait flag
- zlib: expose zlib.crc32()
- cli: allow running wasm in limited vmem with --disable-wasm-trap-handler

Changes in 20.14.0

- src,permission: throw async errors on async APIs
- test_runner: support forced exit

Changes in 20.13.1:

- buffer: improve base64 and base64url performance
- crypto: deprecate implicitly shortened GCM tags
- events,doc: mark CustomEvent as stable
- fs: add stacktrace to fs/promises
- report: add --report-exclude-network option
- src: add uv_get_available_memory to report and process
- stream: support typed arrays
- util: support array of formats in util.styleText
- v8: implement v8.queryObjects() for memory leak regression testing
- watch: mark as stable

Affected Software/OS:
'nodejs20' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-22018
Common Vulnerability Exposure (CVE) ID: CVE-2024-22020
Common Vulnerability Exposure (CVE) ID: CVE-2024-27980
Common Vulnerability Exposure (CVE) ID: CVE-2024-36137
Common Vulnerability Exposure (CVE) ID: CVE-2024-36138
Common Vulnerability Exposure (CVE) ID: CVE-2024-37372

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2024.2574.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:2574-1)
Resumen:	The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:2574-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:2574-1 advisory. Vulnerability Insight: This update for nodejs20 fixes the following issues: Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) - CVE-2024-22018: Fixed fs.lstat bypasses permission model (bsc#1227562) - CVE-2024-36137: Fixed fs.fchown/fchmod bypasses permission model (bsc#1227561) - CVE-2024-37372: Fixed Permission model improperly processes UNC paths (bsc#1227563) Changes in 20.15.0: - test_runner: support test plans - inspector: introduce the --inspect-wait flag - zlib: expose zlib.crc32() - cli: allow running wasm in limited vmem with --disable-wasm-trap-handler Changes in 20.14.0 - src,permission: throw async errors on async APIs - test_runner: support forced exit Changes in 20.13.1: - buffer: improve base64 and base64url performance - crypto: deprecate implicitly shortened GCM tags - events,doc: mark CustomEvent as stable - fs: add stacktrace to fs/promises - report: add --report-exclude-network option - src: add uv_get_available_memory to report and process - stream: support typed arrays - util: support array of formats in util.styleText - v8: implement v8.queryObjects() for memory leak regression testing - watch: mark as stable Affected Software/OS: 'nodejs20' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-22018 Common Vulnerability Exposure (CVE) ID: CVE-2024-22020 Common Vulnerability Exposure (CVE) ID: CVE-2024-27980 Common Vulnerability Exposure (CVE) ID: CVE-2024-36137 Common Vulnerability Exposure (CVE) ID: CVE-2024-36138 Common Vulnerability Exposure (CVE) ID: CVE-2024-37372
Copyright	Copyright (C) 2025 Greenbone AG