43 matches found
EUVD-2021-19432
Malware in sbrugna...
EUVD-2023-34967
Malicious code in bioql PyPI...
EUVD-2023-46331
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-4970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loo...
CVE-2023-41840
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path...
CVE-2021-32592
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...
Fortinet FortiClient Path Traversal Vulnerability (CNVD-2023-98182)
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A path traversal vulnerability exists in Fortinet...
CVE-2023-41840
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path...
CVE-2023-41840
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path...
CVE-2023-41840
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path...
Fortinet FortiClient 安全漏洞
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A path traversal vulnerability exists in Fortinet...
CVE-2023-30586
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
CVE-2023-30586
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
Node.js 安全漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from loading an arbitrary OpenSSL engine when enabling an experimental privilege model, which can bypass and/or disable the privilege model...
CVE-2023-30586
CVE-2023-30586: Privilege escalation in Node.js 20 when the experimental permission model is enabled. An OpenSSL engine loaded via crypto.setEngine() can bypass or disable the permission model by manipulating host process memory (e.g., locating Permission::enabled_ on the heap). Affected: Node.js...
PT-2023-4509 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A privilege escalation issue exists due to insufficient access control in the crypto.setEngine method of Node.js. This can be exploited by a remote attacker to bypass existing security restrictions. The attack...
openssl-ibmca bug fix and enhancement update
An update is available for openssl-ibmca. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The openssl-ibmca package provides a dynamic OpenSSL engine for the IBM...
SUSE CVE-2016-4970
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service infinite loop...
SUSE CVE-2019-5443
A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl "engine" on invocation. If that curl is invoked by a privileged user it can do anything it wants...
CVE-2021-32592
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path...