Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/25 12:0 a.m.29 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : CryptoJS vulnerability (USN-6753-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6753-1 advisory. Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attack...

9.1CVSS8.1AI score0.00635EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:31 p.m.112 views

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...

9.8CVSS10AI score0.0434EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:36 p.m.51 views

Security Bulletin: Vulnerability in Brix crypto-js affects IBM Process Mining CVE-2023-46233

Summary There is a vulnerability in Brix crypto-js that could allow an remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION...

9.1CVSS9AI score0.00635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 5:56 p.m.46 views

Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...

9.8CVSS8.9AI score0.03465EPSS
Exploits6Affected Software1
Debian
Debian
added 2023/11/27 6:54 p.m.30 views

[SECURITY] [DLA 3669-1] cryptojs security update

Debian LTS Advisory DLA-3669-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin November 27, 2023 https://wiki.debian.org/LTS Package : cryptojs Version : 3.1.2+dfsg-2+deb10u1 CVE ID : CVE-2023-46233 Debian Bug : 1055525 Thomas Neil James Shadwell reported that...

9.1CVSS7.2AI score0.00635EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/27 12:0 a.m.42 views

Debian dla-3669 : libjs-cryptojs - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3669 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3669-1 [email protected] https://www.debian.org/lts/security/...

9.1CVSS7.8AI score0.00635EPSS
Exploits0References4
Circl
Circl
added 2023/10/26 12:39 a.m.6 views

CVE-2023-46233

creationtimestamp| type| source ---|---|--- 2023-10-26 00:39:24+00:00| seen| https://t.me/cibsecurity/72913 2026-03-13 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0292/...

9.1CVSS8.5AI score0.00635EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/10/25 9:15 p.m.5 views

0x-assert (>=0.0.2 <=0.0.3), 0xauth (>=0.0.5 <=0.1.0) +8673 more potentially affected by CVE-2023-46233 via crypto-js (>=3.1.2-1 <=4.1.1)

crypto-js NPM version =3.1.2-1, =0.0.2, =0.0.5, =1.0.0, =1.0.0, =1.34.1, =0.1.0, =4.11.2, =0.0.1, =3.3.9, =3.10.1, =0.0.16-0.1, =0.0.4, =0.0.7 and more Source cves: CVE-2023-46233 Source advisory: OSV:GHSA-XWCQ-PM8M-C4VF...

9.1CVSS7.4AI score0.00635EPSS
Exploits0
NVD
NVD
added 2023/10/25 9:15 p.m.25 views

CVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS9.1AI score0.00635EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/10/25 9:15 p.m.32 views

CVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS7.1AI score0.00635EPSS
Exploits0References4
OSV
OSV
added 2023/10/25 8:49 p.m.28 views

CVE-2023-46233 crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS8.5AI score0.00635EPSS
Exploits0References5
CVE
CVE
added 2023/10/25 8:49 p.m.298 views

CVE-2023-46233

CVE-2023-46233 affects crypto-js in Crypto-JS prior to 4.2.0. The PBKDF2 implementation uses SHA1 and a fixed iteration count of 1,000, making it far weaker than the 1993 spec and substantially weaker than current standards. Reported impact is high for password protection and signature generation...

9.1CVSS9.1AI score0.00635EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/25 8:49 p.m.47 views

CVE-2023-46233 crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS9.3AI score0.00635EPSS
Exploits0References3
Rows per page
Query Builder