17 matches found
Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. The vulnerabilities include an attacker being able to brute force something that was supposed to be random, ...
EUVD-2018-0467
Malware in sbrugna...
Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)
Summary: Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow remote attackers, by methods such as phishing attacks, brute force attacks or execution of arbitrary code, to obtain sensitive information, cause a denial of service condition, and cause other problems. Vulnerability...
Insufficient Entropy
Overview: Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits method does not provide sufficient entropy, and it generates digits that are not evenly distributed. Recommendation: Upgrade to version 4.1.2. The package is deprecated and has been moved to...
Insufficient Entropy
Overview: Versions of cryptiles from version 3.1.0 through 3.1.2, and versions 4.0.0 to version 4.1.1 are vulnerable to insufficient entropy. The randomDigits method generates digits that lack a perfect distribution over enough attempts. Recommendation: Update to version 3.1.3 or 4.1.2 or later...
30-lines-telegram-bot (>=1.0.0 <=1.0.1), 3nit-components (>=0.0.2 <=0.0.4) +2373 more potentially affected by CVE-2018-1000620 via cryptiles (>=3.1.2 <=3.2.1)
cryptiles NPM version =3.1.2, =1.0.0, =0.0.2, =0.3.0, =1.0.1, =1.0.0, =1.0.0, =1.16.0, =1.16.0, =1.16.0, =0.0.1, =0.0.3 - @akcelepatop/tsuml =0.0.1-alpha.9 and more Source cves: CVE-2018-1000620 Source advisory: OSV:GHSA-RQ8G-5PC5-WRHR...
Insufficient Entropy in cryptiles
Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits method does not provide sufficient entropy, and it generates digits that are not evenly distributed. Recommendation: Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptil...
GHSA-RQ8G-5PC5-WRHR Insufficient Entropy in cryptiles
Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits method does not provide sufficient entropy, and it generates digits that are not evenly distributed. Recommendation: Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptil...
CVE-2018-1000620
A flaw was found in the nodejs-cryptiles library prior to version 4.1.2. Previous versions do not implement cryptographically secure randomness resulting in the randomDigits function returning a pseudo-random data string biased to certain digits. An attacker could exploit this to guess the...
Insecure Random Number Generation
cryptiles is vulnerable to insecure random number generation. The application uses the randomDigits method which does not have sufficient entropy to be securely random, allowing an attacker to gain access through a brute-force attack...
Design/Logic Flaw
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits method that can result in an attacker being more likely to be able to brute force something that was supposed to be random. This attack appears to be exploitable via Depends upon the...
CVE-2018-1000620
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits method that can result in an attacker being more likely to be able to brute force something that was supposed to be random. This attack appears to be exploitable via Depends upon the...
CVE-2018-1000620
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits method that can result in an attacker being more likely to be able to brute force something that was supposed to be random. This attack appears to be exploitable via Depends upon the...
CVE-2018-1000620
CVE-2018-1000620 : Eran Hammer cryptiles 4.1.1 contains a CWE-331 Insufficient Entropy flaw in randomDigits(), enabling brute-force guessing of randomness. IBM/Oracle-style bulletin confirms the issue and notes it is fixed in 4.1.2; remediation is to upgrade to 4.1.2 (or move to maintained packag...
PT-2018-9474 · Hapi +1 · @Hapi/Cryptiles +1
Name of the Vulnerable Software and Affected Versions: Eran Hammer cryptiles versions 4.1.1 and earlier Description: The issue is related to insufficient entropy in the randomDigits method, which can result in an increased likelihood of brute force attacks. This attack appears to be exploitable...
Fedora Update for nodejs-cryptiles FEDORA-2013-11780
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nodejs-cryptiles FEDORA-2013-11780
Check for the Version of nodejs-cryptiles OpenVAS Vulnerability Test Fedora Update for nodejs-cryptiles FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...