8 matches found
BIT-NODE-2023-30586
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
Internet Bug Bounty: OpenSSL engines can be used to bypass and/or disable the Node.js permission model
Arbitrary OpenSSL engines could be loaded in Node.js 20, bypassing and disabling the permission model. This allowed for the execution of arbitrary code, unaffected by the permission model...
CVE-2023-30586
A vulnerability has been identified in the Node.js 20, allows loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model...
CVE-2023-30586
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
CVE-2023-30586
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
Node.js: OpenSSL engines can be used to bypass and/or disable the permission model
Arbitrary OpenSSL engines could be loaded in Node.js 20, even when the permission model was enabled, which could bypass and/or disable the permission model, allowing for arbitrary code execution...
openSUSE: Security Advisory for curl (openSUSE-SU-2018:2731-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : curl (openSUSE-2018-1010)
This update for curl fixes the following issues : This security issue was fixed : - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code bsc1106019 This non-security issue was fixed : - Use OPENSSLconfig instead of CONFmodulesloadfile to avoid crashes due to openssl engines...