nodejs:18 security, bug fix, and enhancement update

nodejs 1:18.17.1-1 - Rebase to version 18.17.1 Resolves: rhbz2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz2226726 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging...

McAfee Safe Connect VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Safe Connect VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

PT-2023-21079 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: 3CX affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order...

3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. Th...

CVE-2023-28133

Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...

Design/Logic Flaw

Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...

CVE-2023-28133

Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...

CVE-2023-28133

CVE-2023-28133 relates to a local privilege escalation in Check Point Endpoint Security Client (E87.30). The root cause is a flaw involving a crafted OpenSSL configuration file that allows a low-privilege user (Users group) to elevate privileges via affected components (e.g., TracSrvWrapper.exe, ...

CVE-2023-28133

Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...

Check Point Endpoint Security Client 安全漏洞

Check Point Endpoint Security Client is an endpoint security protection software from Check Point, Israel. A security vulnerability exists in Check Point Endpoint Security Client version E87.30, which originated from a vulnerability that allows an attacker to perform a local privilege escalation ...

Check Point Response to CVE-2023-28133 - Local privilege escalation in Check Point Endpoint Security Client via crafted OpenSSL configuration file

Symptoms - Local privilege escalation in Check Point Endpoint Security Client. Affected versions: E87.30 and lower, including all E86.x clients. Affected clients: Standalone Remote Access VPN clients, Endpoint Security Clients with Remote Access VPN enabled. Affected processes: TracSrvWrapper.exe...

SUSE CVE-2022-32222

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3...

CVE-2022-41141

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...

Windscribe VPN 代码问题漏洞

Windscribe VPN is an application from Windscribe Canada. A VPN. Windscribe VPN suffers from a security vulnerability that stems from loading an OpenSSL configuration file from an insecure location...

CVE-2022-41141

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...

CVE-2022-0517

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN 2.7.1...

SUSE-SU-2022:4255-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - Update to 14.21.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address bsc1205119. - Update to 14.21.0: - src: add --openssl-shared-config option...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...

Node.js 14.x < 14.20.0 / 16.x < 16.16.0 / 18.x < 18.5.0 Multiple Vulnerabilities (July 7th 2022 Security Releases).

The version of Node.js installed on the remote host is prior to 14.20.0, 16.16.0, 18.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 7th 2022 Security Releases advisory. - The llhttp parser in the http module does not correctly parse and validate...

PT-2022-25671 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: Windscribe affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order...