63 matches found
IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.10 (7244573)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7244573 advisory. - The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string 0. with an integer, which makes the output...
Linux Distros Unpatched Vulnerability : CVE-2023-46233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in crypto-js version 3.1.2
Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...
SUSE CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
Supply Chain Attack
yt-dlp is vulnerable to Supply Chain Attack. The vulnerability is due to the use of a compromised CDN cdn.bootcdn.net which is used to fetch a component of the crypto-js JavaScript library, allowing an attacker to potentially inject and execute malicious JavaScript code...
Malicious code in @ably-forks/crypto-js (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2033 Malicious code in @ably-forks/crypto-js (npm)
--- -= Per source details. Do not edit below this line.=-...
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...
Security Bulletin: Vulnerability in Brix crypto-js affects IBM Process Mining CVE-2023-46233
Summary There is a vulnerability in Brix crypto-js that could allow an remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION...
Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...
Debian dla-3669 : libjs-cryptojs - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3669 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3669-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-46233
A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...
Insecure Hashing Algorithm
crypto-js is vulnerable to Insecure Hashing Algorithm. The vulnerability is present because the library uses the cryptographically weak sha1 algorithm by default. This weakness allows an attacker to potentially forge data, certificates, or digital signatures, which could lead to unauthorized acce...
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
GHSA-XWCQ-PM8M-C4VF crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
Code injection
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
UBUNTU-CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
GHSA-MPJ8-Q39X-WQ5H crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
CVE-2023-46233 crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...