EUVD-2020-0358

Malware in sbrugna...

0.8.18-p11 (=0.8.18-p12), 08cms (=1.0.0) +2102 more potentially affected by CVE-2015-8851 via node-uuid (>=1.1.0 <=1.4.3)

node-uuid NPM version =1.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2, =0.0.7, =0.0.7, =1.0.14, =2.2.0, =2.2.1 and more Source cves: CVE-2015-8851 Source advisory: OSV:GHSA-265Q-28RP-CHQ5...

Insecure Entropy Source - Math.random() in node-uuid

Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUID's. Recommendation Update to version 1.4.4 or later...

GHSA-265Q-28RP-CHQ5 Insecure Entropy Source - Math.random() in node-uuid

Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUID's. Recommendation Update to version 1.4.4 or later...

DEBIAN-CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

Design/Logic Flaw

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

UBUNTU-CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2015-8851

CVE-2015-8851 affects node-uuid before 1.4.4. The root cause is insufficient randomness in GUID generation (use of Math.random instead of a cryptographically secure source), which could enable attackers to guess GUIDs with unspecified impact. Affected: node-uuid (pre-1.4.4). Impact and exploitabi...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8851

Summary Unsafe fallback to Math.random in module node-uuid, used by the npm package management tool Vulnerability Details CVE-ID: CVE-2015-8851 Description: node.js node-uuid could provide weaker than expected, caused by the use of Math.random instead of a more cryptographically sound source of...

Security Bulletin: node-uuid unsafe fallback to Math.random affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux (CVE-2015-8851)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. A vulnerability in the node-uuid module causes the module to...

Security Bulletin: node-uuid unsafe fallback to Math.random (CVE-2015-8851)

Summary A vulnerability in the node-uuid module causes the module to fallback on math.random under certain circumstances, which leads to predictable UUIDs. The node-uuid module is used by the Node.js Package Manager npm. Vulnerability Details CVEID: CVE-2015-8851 DESCRIPTION: node.js node-uuid...

nodejs-node-uuid: insecure entropy source - Math.random()

It was found that NodeJS node-uuid used Math.random to create a GUID Globally Unique Identifier which does not provide enough entropy on some platforms it only provides 32 bits which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks...

Insecure Entropy Source - Math.random()

Overview Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUID's. Recommendation Update to version 1.4.4 or later. References - Issue 108 - Issue 122 - GitHub Advisory...