SUSE CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

Atlassian Confluence 7.11.x < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.1 (CONFSERVER-98021)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98021 advisory. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work o...

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilites related to CORS misconfiguration and Certificate Pinning have been...

Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilites related to CORS misconfiguration and Certificate Pinning have been...

Malicious code in auth0-lock-browserify (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9512 Malicious code in auth0-lock-browserify (npm)

--- -= Per source details. Do not edit below this line.=-...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )

Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...

USN-6800-1: browserify-sign vulnerability

It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack...

USN-6800-1 node-browserify-sign vulnerability

It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : browserify-sign vulnerability (USN-6800-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6800-1 advisory. It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automat...

Ubuntu: Security Advisory (USN-6800-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : browserify-sign (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack CVE-2023-46234 Note that...

RHEL 6 : browserify-sign (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack CVE-2023-46234 Note that...

The vulnerability of the dsaVerify() function in the Browserify-sign cryptographic function library allows a perpetrator to create signatures that can be successfully verified with any public key. This leads to an attack of signature forgery.

The vulnerability of the dsaVerify function in the Browserify-sign cryptographic functionality package is related to improper verification of the cryptographic signature. Exploiting this vulnerability allows an attacker to generate signatures that can be successfully verified with any public key,...

ROS-20240418-08

A vulnerability in the Browserify-sign cryptographic functionality duplication package is related to the upper bound check in the dsaVerify function. Exploitation of the vulnerability could allow an attacker, acting remotely, to create signatures that can be successfully verified by any public ke...

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.3 has addressed security vulnerabilities

Summary IBM Cognos Dashboards on Cloud Pak for Data 4.8.3 resolves vulnerabilities reported in Node.js Babel CVE-2023-45133, Eclipse Jetty CVE-2023-36478, CVE-2023-44487, Node.js browserify-sign CVE-2023-46234 and OpenSSL CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0466, CVE-2023-2650,...

Fedora 38 : yarnpkg (2024-5ecc250449)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5ecc250449 advisory. Update to 1.22.21, add fixes for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234. Tenable has extracted the preceding description block directly from...

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands that use S3 storage are vulnerable to security restrictions bypass due to [CVE-2023-46234]

Summary Node.js module browserify-sign is used by IBM App Connect Enterprise Certified Container Dashboards for accessing S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access bar files in S3 storage are vulnerable to security restrictions bypass. This bulletin...

browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack

...