106 matches found
PT-2021-15277 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.4.1 Node.js versions prior to 14.17.2 Node.js versions prior to 12.22.2 Description: The issue allows for local privilege escalation attacks under certain conditions on Windows platforms due to improper...
Nodejs 安全漏洞
nodejs is a JavaScript runtime environment based on the ChromeV8 engine that makes it possible to develop high-performance backend applications in Javascript by encapsulating the Chromev8 engine and using event-driven and non-blocking IO applications. A security vulnerability exists in Nodejs on...
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.
...
CVE-2019-1794 Cisco Directory Connector Search Order Hijacking Vulnerability
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their...
CVE-2019-5511
VMware Workstation 15.x before 15.0.3, 14.x before 14.1.6 running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege...
CVE-2017-15870
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...