PT-2026-35067

Name of the Vulnerable Software and Affected Versions Mojic versions prior to 2.1.4 Description The CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy, which is a situation where th...

Mojic 安全漏洞

Mojic is a C-language code obfuscation tool developed by Amit Dutta. Versions of Mojic prior to 2.1.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of the standard equality operator by CipherEngine to verify HMAC-SHA256 integrity checks, which could allow attacker...

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:1509-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1509-1 advisory. Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

SUSE-SU-2026:1509-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

SUSE-SU-2026:1478-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

OESA-2026-1954 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

OESA-2026-1953 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

OESA-2026-1951 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1371-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1371-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1363-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1363-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

SUSE-SU-2026:1371-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

SUSE-SU-2026:1363-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

CoinMate.io: HMAC signature verification omits endpoint and payload allowing request forgery on CoinMate API

A vulnerability was discovered in the HMAC signature verification process of the CoinMate API. The signature was calculated using only the nonce, client ID, and public key, omitting the HTTP endpoint and request payload. This allowed an attacker to hijack a valid signature intended for a read-onl...

Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to 24.14.1 CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. CVE-2026-21710: uncaught TypeError exception can cause a denial ...

OPENSUSE-SU-2026:20519-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

SUSE-SU-2026:21181-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

Node.js: Node.js: Information disclosure via timing oracle in HMAC verification

A flaw was found in Node.js. The HMAC Hash-based Message Authentication Code verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurement...