9 matches found
EUVD-2022-38146
Malicious code in bioql PyPI...
Internet Bug Bounty: Use of Cryptographically Weak Pseudo-Random Number Generator in WebCrypto keygen
A weak randomness vulnerability existed in WebCrypto keygen in Node.js 18, due to a change in EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. The vulnerability allowed for the possibility of non-cryptographically strong random data being used as keying material...
SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:0419-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0419-1 advisory. This update ships nodejs18 jscPED-2097 Update to NodejJS 18.13.0 LTS: build: disable v8 snapshot compression by defau...
CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...
CVE-2022-35255
CVE-2022-35255 describes a weakness in Node.js 18 WebCrypto key generation where EntropySource() is invoked but its return value is not checked, and the data returned may not be cryptographically strong. The underlying issue occurs in SecretKeyGenTraits::DoKeyGen() and can lead to weaker key mate...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...
AlmaLinux 8 : nodejs:16 (ALSA-2022:6964)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6964 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256 Tenable...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2022:3615-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3615-1 advisory. Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic bsc1201325. - CVE-2022-32215: Fixed...
September 23rd 2022 Security Releases
September 23rd 2022 Security Releases Update 26-September-2022 Security releases available Recommendation update regarding CVE-2022-35255: Roll-out and re-issue all keys generated with WebCrypto.subtle.generateKey. Re-evaluate the confidentiality of data encrypted with those keys. Update...