CVE-2024-22169 Misconfiguration in node.js causing a code execution in WD Discovery

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRONRUNASNODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...

CVE-2024-22169 Misconfiguration in node.js causing a code execution in WD Discovery

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRONRUNASNODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...

Elliptic allows BER-encoded signatures

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

GHSA-49Q7-C7J4-3P7M Elliptic allows BER-encoded signatures

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

Elliptic's EDDSA missing signature length check

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

Elliptic's ECDSA missing check for whether leading bit of r and s is zero

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

CVE-2024-42460

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

CVE-2024-42460

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

CVE-2024-42461

CVE-2024-42461 : In the Node.js Elliptic package v6.5.6, an ECDSA signature malleability vulnerability exists because BER-encoded signatures are allowed. The connected IBM page lists the issue and confirms a CVSS v3.1 base score of 5.3 (confidentiality: Low, integrity: None, availability: None). ...

CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

CVE-2024-42460

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

CVE-2024-42460

CVE-2024-42460 : In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability is caused by a missing check for whether the leading bit of r and s is zero. The IBM bulletin aggregates multiple Elliptic-related CVEs and confirms fixes are shipped for IBM Storage Scale products (not detai...

CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

CVE-2024-42460

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...