Lucene search
K

106 matches found

Positive Technologies
Positive Technologies
added 2021/07/12 12:0 a.m.2 views

PT-2021-15277 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.4.1 Node.js versions prior to 14.17.2 Node.js versions prior to 12.22.2 Description: The issue allows for local privilege escalation attacks under certain conditions on Windows platforms due to improper...

7.8CVSS7.3AI score0.07409EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/07/02 12:0 a.m.2 views

Nodejs 安全漏洞

nodejs is a JavaScript runtime environment based on the ChromeV8 engine that makes it possible to develop high-performance backend applications in Javascript by encapsulating the Chromev8 engine and using event-driven and non-blocking IO applications. A security vulnerability exists in Nodejs on...

7.8CVSS7AI score0.07409EPSS
Exploits1References10
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.7 views

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

...

7.3CVSS7AI score0.0053EPSS
Exploits0
Cvelist
Cvelist
added 2019/04/18 12:35 a.m.22 views

CVE-2019-1794 Cisco Directory Connector Search Order Hijacking Vulnerability

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their...

5.1CVSS5.1AI score0.00383EPSS
Exploits0References2
OSV
OSV
added 2019/04/09 8:30 p.m.4 views

CVE-2019-5511

VMware Workstation 15.x before 15.0.3, 14.x before 14.1.6 running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege...

8.8CVSS7.3AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2017/12/11 5:29 p.m.4 views

CVE-2017-15870

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...

6.7CVSS5.9AI score0.00434EPSS
Exploits0References2
Rows per page
Query Builder