Lucene search
K

63 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.6 views

IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.10 (7244573)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7244573 advisory. - The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string 0. with an integer, which makes the output...

5.3CVSS6.7AI score0.01075EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2023-46233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at...

9.1CVSS7.2AI score0.00635EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 6:42 a.m.23 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in crypto-js version 3.1.2

Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...

9.1CVSS6.2AI score0.00635EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2024/07/11 3:30 a.m.5 views

SUSE CVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS7AI score0.00635EPSS
Exploits0References2
Veracode
Veracode
added 2024/07/09 5:53 a.m.9 views

Supply Chain Attack

yt-dlp is vulnerable to Supply Chain Attack. The vulnerability is due to the use of a compromised CDN cdn.bootcdn.net which is used to fetch a component of the crypto-js JavaScript library, allowing an attacker to potentially inject and execute malicious JavaScript code...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:18 p.m.6 views

Malicious code in @ably-forks/crypto-js (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 12:18 p.m.5 views

MAL-2024-2033 Malicious code in @ably-forks/crypto-js (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:31 p.m.112 views

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...

9.8CVSS10AI score0.0434EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:36 p.m.51 views

Security Bulletin: Vulnerability in Brix crypto-js affects IBM Process Mining CVE-2023-46233

Summary There is a vulnerability in Brix crypto-js that could allow an remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION...

9.1CVSS9AI score0.00635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 5:56 p.m.46 views

Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...

9.8CVSS8.9AI score0.03465EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/27 12:0 a.m.42 views

Debian dla-3669 : libjs-cryptojs - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3669 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3669-1 [email protected] https://www.debian.org/lts/security/...

9.1CVSS7.8AI score0.00635EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/10/26 3:59 p.m.76 views

CVE-2023-46233

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1CVSS8.8AI score0.00635EPSS
Exploits0References4
Veracode
Veracode
added 2023/10/26 5:59 a.m.41 views

Insecure Hashing Algorithm

crypto-js is vulnerable to Insecure Hashing Algorithm. The vulnerability is present because the library uses the cryptographically weak sha1 algorithm by default. This weakness allows an attacker to potentially forge data, certificates, or digital signatures, which could lead to unauthorized acce...

9.1CVSS7AI score0.00635EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 9:15 p.m.179 views

crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...

9.1CVSS9.2AI score0.00635EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/10/25 9:15 p.m.58 views

GHSA-XWCQ-PM8M-C4VF crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...

9.1CVSS9.2AI score0.00635EPSS
Exploits0References5
Prion
Prion
added 2023/10/25 9:15 p.m.21 views

Code injection

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

6.4CVSS9.1AI score0.00635EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/25 9:15 p.m.3 views

UBUNTU-CVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS7AI score0.00635EPSS
Exploits0References5
OSV
OSV
added 2023/10/25 9:14 p.m.31 views

GHSA-MPJ8-Q39X-WQ5H crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...

9.1CVSS9.2AI score0.00446EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/10/25 9:14 p.m.60 views

crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...

9.1CVSS6.6AI score0.00446EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/10/25 8:49 p.m.30 views

CVE-2023-46233 crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS8.5AI score0.00635EPSS
Exploits0References5
Rows per page
Query Builder