12 matches found
Fedora: Security Advisory (FEDORA-2025-d3dee9f37d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : yarnpkg (2025-d3dee9f37d)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d3dee9f37d advisory. Update bundled pbkdf2 library. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
Fedora: Security Advisory (FEDORA-2025-96ff8c2897)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2025-6545
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
@0cfg/utils-node (>=0.1.2 <=0.1.8), @b0ase/path402-api (=4.0.0-alpha.1) +262 more potentially affected by CVE-2025-6545 via pbkdf2 (>=3.0.12 <=3.1.2)
pbkdf2 NPM version =3.0.12, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.38.0, =1.45.0, =1.1.14, =1.20.2, =1.3.13, =3.8.1, =4.26.0 and more Source cves: CVE-2025-6545 Source advisory: OSV:GHSA-H7CP-R72F-JXH6...
org.webjars.npm:ethereum-cryptography (=0.1.3), org.webjars.npm:parse-asn1 (>=5.0.0 <=5.1.6) potentially affected by CVE-2025-6545 via org.webjars.npm:pbkdf2 (=3.1.2)
org.webjars.npm:pbkdf2 MAVEN version =3.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:pbkdf2 and may be impacted: - org.webjars.npm:ethereum-cryptography =0.1.3 - org.webjars.npm:parse-asn1 =5.0.0, =5.1.6 Source cves: CVE-2025-654...
CVE-2025-6545
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545 pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545 pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545 pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545
CVE-2025-6545 (pbkdf2) : An improper input validation issue in pbkdf2 can enable signature spoofing. Affects pbkdf2 versions 3.0.10–3.1.2, with the root cause in the library’s input handling (noted as lib/to-buffer.Js). CVSS v4.0 base score 9.1 (critical). Public references describe vendor adviso...