Node.js: Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: Similar to...
MGASA-2022-0294 Updated nodejs packages fix security vulnerability
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the...
CVE-2022-34900
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 39313 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...
Design/Logic Flaw
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 39313 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...
ALPINE-CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
UBUNTU-CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
CVE-2022-32222
A cryptographic vulnerability exists on Node.js on Linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3...
PT-2022-21160 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x prior to 18.40.0 Description: A cryptographic issue exists in Node.js on Linux, where the default path for openssl.cnf might be accessible to a non-admin user under certain circumstances, instead of being located in...
Parallels Access Agent Uncontrolled Search Path Element Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatche...
PT-2022-17105 · Itarian · Itarian Endpoint Manage Communication Client
Name of the Vulnerable Software and Affected Versions: ITarian Endpoint Manage Communication Client versions prior to 6.43.41148.21120 Description: The issue is related to the ITarian Endpoint Manage Communication Client being compiled with insecure OpenSSL settings. This allows a malicious actor...
Trend Micro Apex One Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configurati...
The vulnerability of Mozilla VPN’s network software lies in the ability to load the OpenSSL configuration file from an unprotected directory, allowing an attacker to execute arbitrary code with SYSTEM privileges.
The vulnerability of Mozilla VPN’s network software relates to the possibility of loading the OpenSSL configuration file from an unprotected directory. Exploiting this vulnerability could allow a hacker to execute arbitrary code with SYSTEM privileges...
Mozilla VPN local privilege escalation via uncontrolled OpenSSL search path — Mozilla
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege...
PT-2022-1721 · Mozilla · Vpn
Name of the Vulnerable Software and Affected Versions: Mozilla VPN versions prior to 2.7.1 Description: The issue is related to Mozilla VPN's ability to load an OpenSSL configuration file from an unsecured directory. This could allow a user or attacker with limited privileges to launch arbitrary...
The vulnerability of the McAfee Agent antivirus software, related to privilege management errors, allows a hacker to elevate their privileges.
The vulnerability of the McAfee Agent antivirus software is related to privilege management errors. Exploiting this vulnerability can allow an attacker to enhance their privileges using a specially created openssl.cnf file...
CVE-2022-0166
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary cod...