Lucene search
+L

10 matches found

Broadcom
Broadcom
added 2023/12/19 12:0 a.m.65 views

Privilege escalation vulnerability in Node.js 20 could allow loading arbitrary OpenSSL engines when the experimental permission model is enabled (CVE-2023-30586).

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...

7.5CVSS7.3AI score0.01348EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/07/05 3:18 p.m.35 views

CVE-2023-30586

A vulnerability has been identified in the Node.js 20, allows loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model...

7.5CVSS7.3AI score0.01348EPSS
Exploits0References3
NVD
NVD
added 2023/07/01 12:15 a.m.39 views

CVE-2023-30586

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...

7.5CVSS7.6AI score0.01348EPSS
Exploits0References2
Chainguard
Chainguard
added 2023/07/01 12:15 a.m.55 views

CVE-2023-30586 vulnerabilities

Vulnerabilities for packages: nodejs...

7.5CVSS7.6AI score0.01348EPSS
Exploits0
Wolfi
Wolfi
added 2023/07/01 12:15 a.m.34 views

CVE-2023-30586 vulnerabilities

Vulnerabilities for packages: nodejs...

7.5CVSS7.8AI score0.01348EPSS
Exploits0
CVE
CVE
added 2023/06/30 11:40 p.m.452 views

CVE-2023-30586

CVE-2023-30586: Privilege escalation in Node.js 20 when the experimental permission model is enabled. An OpenSSL engine loaded via crypto.setEngine() can bypass or disable the permission model by manipulating host process memory (e.g., locating Permission::enabled_ on the heap). Affected: Node.js...

7.5CVSS7.4AI score0.01348EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2023/06/30 11:40 p.m.30 views

CVE-2023-30586

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...

7.5CVSS7.7AI score0.01348EPSS
Exploits0
OSV
OSV
added 2023/06/30 11:40 p.m.45 views

CVE-2023-30586

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...

7.5CVSS7.4AI score0.01348EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/06/21 12:0 a.m.29 views

Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

7.7CVSS7.1AI score0.75116EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/06/21 12:0 a.m.26 views

Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

7.7CVSS7.6AI score0.75116EPSS
Exploits1References1
Rows per page
Query Builder