CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

WordPress plugin All-In-One Security (AIOS) – Security and Firewall 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress All-In-One Security AIOS - Security and Firewall plugin version 5.1.0 and earlier is vulnerable to...

PT-2022-5731 · Tp Link · Tp-Link Tl-Wr940N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N version 3.20.1US Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N routers. The specific flaw exists within the httpd service, which listens on...

SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same...

PT-2022-11592 · Unknown · Phpservermon

Name of the Vulnerable Software and Affected Versions: phpservermon affected versions not specified Description: A problematic issue was found in phpservermon, affecting the generatePasswordResetToken function of the file src/psm/Service/User.php. The manipulation leads to the use of a predictabl...

PT-2022-11593 · Unknown · Phpservermon

Name of the Vulnerable Software and Affected Versions: phpservermon affected versions not specified Description: A vulnerability was found in phpservermon, affecting the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to the use of a predictable algorithm in ...

AlmaLinux 8 : nodejs:18 (ALSA-2022:7821)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7821 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256 Tenable...

nodejs: weak randomness in WebCrypto keygen

A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...

nodejs:18 security update

An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...

RHEL 8 : nodejs:18 (RHSA-2022:7821)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CentOS 8 : nodejs:18 (CESA-2022:7821)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7821 advisory. - nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 - nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

Pseudo randomness is not recommended

Lines of code Vulnerability details Impact Use of pseudo randomness in chain is not recommended as it can be predicted by anyone, this can affect value in case of minting or withdrawing in some scenarios Proof of Concept Tools Used Recommended Mitigation Steps Use oracles --- The text was updated...

USN-5695-1 linux-gcp vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

Nextcloud: Insecure randomness for default password in file sharing when password policy app is disabled

The password generation function used for protecting shared links in Nextcloud was using an insecure random number generator, which could allow an attacker to access the shared files without knowledge of the password...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...