CVE-2023-30586

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...

PT-2023-4509 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A privilege escalation issue exists due to insufficient access control in the crypto.setEngine method of Node.js. This can be exploited by a remote attacker to bypass existing security restrictions. The attack...

Novell GroupWise Client ActiveX SetEngine Pointer Manipulation

Added: 02/18/2013 CVE: CVE-2012-0439 BID: 57658 OSVDB: 89700 Background Novell GroupWise is an e-mail and collaboration product suite. Problem Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker t...

Novell GroupWise gwcls1.dll ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within multiple metho...