3 matches found
Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)
Summary Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks,brute force attack or execution of arbitrary code to get sensitive information, denial service condition, and other problems. Vulnerability...
@emartech/fake-server (=1.2.0), escher-auth (=1.0.0) +5 more potentially affected by CVE-2018-1000620 via cryptiles (=3.1.2)
cryptiles NPM version =3.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on cryptiles and may be impacted: - @emartech/fake-server =1.2.0 - escher-auth =1.0.0 - escher-suiteapi-js =10.0.0, =2.5.3, =13.0.0, =15.1.0 Source cves: CVE-2018-1000620 Source...
CVE-2018-1000620
CVE-2018-1000620 : Eran Hammer cryptiles 4.1.1 contains a CWE-331 Insufficient Entropy flaw in randomDigits(), enabling brute-force guessing of randomness. IBM/Oracle-style bulletin confirms the issue and notes it is fixed in 4.1.2; remediation is to upgrade to 4.1.2 (or move to maintained packag...