18 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-46234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on...
Atlassian Confluence 7.11.x < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.1 (CONFSERVER-98021)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98021 advisory. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work o...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )
Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...
CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9
CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...
Fedora: Security Advisory (FEDORA-2024-28fc0c2ef4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for yarnpkg (FEDORA-2024-5ecc250449)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands that use S3 storage are vulnerable to security restrictions bypass due to [CVE-2023-46234]
Summary Node.js module browserify-sign is used by IBM App Connect Enterprise Certified Container Dashboards for accessing S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access bar files in S3 storage are vulnerable to security restrictions bypass. This bulletin...
Debian DSA-5539-1 : node-browserify-sign - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5539 advisory. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. ...
[SECURITY] [DSA 5539-1] node-browserify-sign security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5539-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 30, 2023 https://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update
An update is now available for Red Hat Openshift distributed tracing 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
[SECURITY] [DLA 3635-1] node-browserify-sign security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3635-1 [email protected] https://www.debian.org/lts/security/ Yadd October 29, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
CVE-2023-46234
A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment. Mitigation No current mitigation is yet available for this flaw...
@affinidi/common-check-widget (=1.5.1), @deep-foundation/deepcase-app (>=0.1.0-beta.20 <=0.1.0-beta.41) +30 more potentially affected by CVE-2023-46234 via browserify-sign (>=2.6.0 <=4.0.4)
browserify-sign NPM version =2.6.0, =0.1.0-beta.20, =1.4.811, =1.1.3, =1.1.1, =1.3.0-15, =3.3.0, =0.1.1, =3.7.0, =0.0.1, =0.0.8 and more Source cves: CVE-2023-46234 Source advisory: OSV:GHSA-X9W5-V3Q2-3RHW...
CVE-2023-46234
creationtimestamp| type| source ---|---|--- 2023-10-26 18:15:53+00:00| seen| https://t.me/cibsecurity/72962...
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
CVE-2023-46234
CVE-2023-46234 affects the node-browserify-sign package used to provide browser-crypto signing functionality. The root cause is an upper bound check issue in the dsaVerify function, which allows an attacker to construct signatures that can be verified by any public key, enabling a signature forge...