3787 matches found

vulnersOsv
added 2022/09/20 8:45 p.m., 1 view

@adobe/helix-deploy (>=7.0.0 <=7.0.8) potentially affected by CVE-2022-39218 via @fastly/js-compute (>=0.4.0 <=0.5.2)

@fastly/js-compute NPM version =0.4.0, =7.0.0, =7.0.8 Source cves: CVE-2022-39218 Source advisory: OSV:GHSA-CMR8-5W4C-44V8...

CVSS 7.5 | AI score 7.1 | EPSS 0.00752
Exploits: 0

OSV
added 2022/09/20 8:45 p.m., 20 views

GHSA-CMR8-5W4C-44V8 Fastly Compute@Edge JS Runtime has fixed random number seed during compilation

Impact: Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module, meaning the sequence of numbers generated was predictable for th...

CVSS 7.5 | AI score 7.3 | EPSS 0.00752
Exploits: 0 | References: 4

GitHub Security Blog
added 2022/09/20 8:45 p.m., 28 views

Fastly Compute@Edge JS Runtime has fixed random number seed during compilation

Impact: Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module, meaning the sequence of numbers generated was predictable for th...

CVSS 7.5 | AI score 7.1 | EPSS 0.00752
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2022/09/20 8:15 p.m., 8 views

CVE-2022-39218

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

CVSS 7.5 | EPSS 0.00752
Exploits: 0 | References: 1

Prion
added 2022/09/20 8:15 p.m., 13 views

Design/Logic Flaw

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

CVSS 5 | AI score 7.5 | EPSS 0.00752
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/09/20 7:50 p.m., 12 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

CVSS 7.5 | AI score 7.7 | EPSS 0.00752
Exploits: 0 | References: 1

Vulnrichment
added 2022/09/20 7:50 p.m., 7 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

CVSS 7.5 | AI score 7.5 | EPSS 0.00752
Exploits: 0 | References: 1

CVE
added 2022/09/20 7:50 p.m., 78 views

CVE-2022-39218

The CVE-2022-39218 vulnerability affects Fastly’s Compute@Edge JS Runtime. In versions before 0.5.3, Math.random and crypto.getRandomValues do not use sufficiently random values because the seed for the PRNG was baked into the final WebAssembly module, making the random sequence predictable for t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00752
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/09/20 7:50 p.m., 15 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

CVSS 7.5 | AI score 7.3 | EPSS 0.00752
Exploits: 0 | References: 3

Veracode
added 2022/09/20 12:13 p.m., 30 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the Compute function of reshapeop.h because the number of elements size is not properly handled, which allows an attacker to enter more than one element, causing an application crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.00379
Exploits: 0 | References: 8 | Affected Software: 3

Veracode
added 2022/09/20 11:46 a.m., 30 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function of batchkernels.cc because the function doesn't handle nonscalar argument ids which allows an attacker to cause an application crash...

CVSS 7.5 | AI score 7.2 | EPSS 0.00534
Exploits: 0 | References: 9 | Affected Software: 3

Veracode
added 2022/09/20 11:18 a.m., 21 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the Compute function of listkernels.cc because it doesn't properly handle the size of numelements, which allows an attacker to provide more than one element, causing an application crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.00523
Exploits: 0 | References: 11 | Affected Software: 3

Veracode
added 2022/09/20 9:18 a.m., 17 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function of poolingops3d.cc because it doesn't properly validate the originputshape input which allows an attacker to bypass inputs which result in a check failure causing an application crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.00366
Exploits: 0 | References: 8 | Affected Software: 3

CNNVD
added 2022/09/20 12:0 a.m., 1 view

js-compute-runtime security vulnerability

js-compute-runtime is a Fastly Compute@Edge JavaScript runtime open-sourced by Fastly. A security vulnerability exists in js-compute-runtime versions 0.4.0 through 0.5.3, which stems from the failure of the Math.random and crypto.getRandomValues methods to use sufficient random values...

CVSS 7.5 | AI score 7.2 | EPSS 0.00752
Exploits: 0 | References: 3

Positive Technologies
added 2022/09/20 12:0 a.m., 2 views

PT-2022-24817 · Unknown · Js Compute Runtime

Name of the Vulnerable Software and Affected Versions: JS Compute Runtime versions prior to 0.5.3 Description: The Math.random and crypto.getRandomValues methods fail to use sufficiently random values, making the sequence of random values predictable. An attacker can use the fixed seed to predict...

CVSS 7.5 | AI score 7.5 | EPSS 0.00752
Exploits: 0 | References: 6

Veracode
added 2022/09/19 3:11 p.m., 22 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in Compute function of listkernels.h because elementshape check is not properly handled which allows an attacker to cause an application crash...

CVSS 7.5 | AI score 7.2 | EPSS 0.00421
Exploits: 0 | References: 9 | Affected Software: 3

Veracode
added 2022/09/19 7:2 a.m., 21 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the Compute function of bincountop.cc When the SparseBincount is given inputs for indices, values, and denseshape parameters, allowing an attacker to cause an application crash through the segmentation fault...

CVSS 7.5 | AI score 7.2 | EPSS 0.00404
Exploits: 0 | References: 8 | Affected Software: 3

ATTACKERKB
added 2022/09/16 10:15 p.m., 5 views

CVE-2022-40757

A Buffer Access with Incorrect Length Value vulnerability in the TEEMACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEEMACComputeFinal with an excessive size value of messageLen...

CVSS 7.5 | AI score 5.8 | EPSS 0.00802
Exploits: 0 | References: 3

NVD
added 2022/09/16 6:15 a.m., 25 views

CVE-2022-25696

Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVSS 8.4 | EPSS 0.00082
Exploits: 0 | References: 1

NVD
added 2022/09/16 6:15 a.m., 13 views

CVE-2022-25690

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVSS 7.5 | EPSS 0.00354
Exploits: 0 | References: 1