Lucene search
+L

18 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-46234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on...

7.5CVSS6.7AI score0.00508EPSS
Exploits0References1
nessus
nessus
added 2025/01/10 12:0 a.m.11 views

Atlassian Confluence 7.11.x < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.1 (CONFSERVER-98021)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98021 advisory. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work o...

7.5CVSS7.1AI score0.00508EPSS
Exploits0References2
ibm
ibm
added 2024/08/08 2:57 p.m.34 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )

Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...

7.5CVSS7.4AI score0.00508EPSS
Exploits0Affected Software1
cbl_mariner
cbl_mariner
added 2024/06/06 7:53 p.m.51 views

CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9

CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9. An upgraded version of the package is available that resolves this issue...

7.5CVSS6.9AI score0.00508EPSS
Exploits0
ibm
ibm
added 2024/04/09 6:54 p.m.33 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...

7.5CVSS7.2AI score0.00797EPSS
Exploits2Affected Software1
openvas
openvas
added 2024/02/28 12:0 a.m.29 views

Fedora: Security Advisory (FEDORA-2024-28fc0c2ef4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.02542EPSS
Exploits2References5
openvas
openvas
added 2024/02/28 12:0 a.m.34 views

Fedora: Security Advisory for yarnpkg (FEDORA-2024-5ecc250449)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.02542EPSS
Exploits2References2
ibm
ibm
added 2023/12/14 10:36 a.m.33 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands that use S3 storage are vulnerable to security restrictions bypass due to [CVE-2023-46234]

Summary Node.js module browserify-sign is used by IBM App Connect Enterprise Certified Container Dashboards for accessing S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access bar files in S3 storage are vulnerable to security restrictions bypass. This bulletin...

7.5CVSS6.8AI score0.00508EPSS
Exploits0Affected Software1
nessus
nessus
added 2023/10/31 12:0 a.m.26 views

Debian DSA-5539-1 : node-browserify-sign - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5539 advisory. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. ...

7.5CVSS7.1AI score0.00508EPSS
Exploits0References7
debian
debian
added 2023/10/30 4:25 p.m.31 views

[SECURITY] [DSA 5539-1] node-browserify-sign security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5539-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 30, 2023 https://www.debian.org/security/faq -...

7.5CVSS6.7AI score0.00508EPSS
Exploits0
redhat
redhat
added 2023/10/30 12:53 p.m.27 views

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update

An update is now available for Red Hat Openshift distributed tracing 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS6.7AI score0.00508EPSS
Exploits0References2
debian
debian
added 2023/10/29 4:33 a.m.34 views

[SECURITY] [DLA 3635-1] node-browserify-sign security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3635-1 [email protected] https://www.debian.org/lts/security/ Yadd October 29, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...

7.5CVSS7.5AI score0.00508EPSS
Exploits0
redhatcve
redhatcve
added 2023/10/27 6:27 a.m.52 views

CVE-2023-46234

A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment. Mitigation No current mitigation is yet available for this flaw...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2023/10/26 8:53 p.m.11 views

@affinidi/common-check-widget (=1.5.1), @deep-foundation/deepcase-app (>=0.1.0-beta.20 <=0.1.0-beta.41) +30 more potentially affected by CVE-2023-46234 via browserify-sign (>=2.6.0 <=4.0.4)

browserify-sign NPM version =2.6.0, =0.1.0-beta.20, =1.4.811, =1.1.3, =1.1.1, =1.3.0-15, =3.3.0, =0.1.1, =3.7.0, =0.0.1, =0.0.8 and more Source cves: CVE-2023-46234 Source advisory: OSV:GHSA-X9W5-V3Q2-3RHW...

7.5CVSS6.7AI score0.00508EPSS
Exploits0
circl
circl
added 2023/10/26 6:15 p.m.15 views

CVE-2023-46234

creationtimestamp| type| source ---|---|--- 2023-10-26 18:15:53+00:00| seen| https://t.me/cibsecurity/72962...

7.5CVSS6.1AI score0.00508EPSS
Exploits0References1
debiancve
debiancve
added 2023/10/26 2:31 p.m.33 views

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS7.7AI score0.00508EPSS
Exploits0
osv
osv
added 2023/10/26 2:31 p.m.29 views

CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

6.5CVSS7.1AI score0.00508EPSS
Exploits0References8
cve
cve
added 2023/10/26 2:31 p.m.216 views

CVE-2023-46234

CVE-2023-46234 affects the node-browserify-sign package used to provide browser-crypto signing functionality. The root cause is an upper bound check issue in the dsaVerify function, which allows an attacker to construct signatures that can be verified by any public key, enabling a signature forge...

7.5CVSS6.8AI score0.00508EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder