Lucene search
+L

234 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0777

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00324EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/03 8:4 a.m.8 views

Security Bulletin: Multiple vulnerabilities in pbkdf2 affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-6545 and CVE-2025-6547)

Summary There are multiple vulnerabilities in pbkdf2 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-6547 DESCRIPTION: Improper Input Validation vulnerability...

9.1CVSS6.8AI score0.00387EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/28 1:33 p.m.17 views

NeuVector has an insecure password storage and is vulnerable to rainbow attack

Impact NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed. NeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2...

5.3CVSS5.8AI score0.00162EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/29 12:0 a.m.13 views

PT-2026-36987

Name of the Vulnerable Software and Affected Versions net-imap affected versions not specified Description A hostile IMAP server can trigger a computational denial-of-service attack on the client process during authentication using SCRAM-SHA1 or SCRAM-SHA256. By sending an arbitrarily large PBKDF...

9.8CVSS6AI score0.00429EPSS
Exploits0References43
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 4:36 p.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to loss of confidentiality [CVE-2025-6545] [CVE-2025-6547]

Summary Node.js module pbkdf2 is used by IBM App Connect Enterprise Certified Container when accessing BAR files stored in COS S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access BAR files stored in COS S3 storage are vulnerable to loss of confidentiality. Th...

9.1CVSS6.5AI score0.00387EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/06/25 11:43 a.m.5 views

Signature Spoofing

pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper input validation in the lib/to-buffer.js file, which allows an attacker to bypass signature verification and spoof cryptographic signatures, making malicious data appear authentic...

9.1CVSS7AI score0.00359EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/06/25 4:34 a.m.6 views

Signature Spoofing

pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper validation of input parameters within the pbkdf2 library, allows an attacker to forge or spoof digital signatures, potentially bypassing authentication or integrity checks...

9.1CVSS7.2AI score0.00387EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/25 12:0 a.m.7 views

The vulnerability of the pbkdf2 library in the Node.js software platform, which allows attackers to forge digital signatures

The vulnerability of the pbkdf2 library in the Node.js software platform is related to deficiencies in the mechanism for verifying input data. Exploiting this vulnerability allows a malicious actor to forge digital signatures by sending specially crafted packets...

10CVSS5.3AI score0.00359EPSS
Exploits0References6Affected Software2
SUSE CVE
SUSE CVE
added 2025/06/24 11:24 p.m.5 views

SUSE CVE-2025-6545

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...

7.4CVSS6.9AI score0.00359EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/06/24 11:24 p.m.3 views

SUSE CVE-2025-6547

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: =3.1.2...

7.4CVSS7AI score0.00387EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/23 11:19 p.m.3 views

CVE-2025-6547

A flaw was found in the npm pbkdf2 library, allowing signature spoofing. Under specific use cases, pbkdf2 may return static keys. This issue only occurs when running the library on Node.js...

9.1CVSS6.2AI score0.00387EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/23 11:19 p.m.6 views

CVE-2025-6545

A flaw was found in the npm pbkdf2 library, allowing signature spoofing. When executing in javascript engines other than Nodejs or Nodejs when importing pbkdf2/browser, certain algorithms will silently fail and return invalid data. The return values are predictable, which undermines the security...

9.1CVSS6.2AI score0.00359EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/06/23 10:42 p.m.7 views

org.webjars.npm:ethereum-cryptography (=0.1.3), org.webjars.npm:parse-asn1 (>=5.0.0 <=5.1.6) potentially affected by CVE-2025-6547 via org.webjars.npm:pbkdf2 (=3.1.2)

org.webjars.npm:pbkdf2 MAVEN version =3.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:pbkdf2 and may be impacted: - org.webjars.npm:ethereum-cryptography =0.1.3 - org.webjars.npm:parse-asn1 =5.0.0, =5.1.6 Source cves: CVE-2025-654...

9.1CVSS5.8AI score0.00387EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/23 10:42 p.m.9 views

@0cfg/utils-node (>=0.1.2 <=0.1.8), @b0ase/path402-api (=4.0.0-alpha.1) +262 more potentially affected by CVE-2025-6547 via pbkdf2 (>=3.0.12 <=3.1.2)

pbkdf2 NPM version =3.0.12, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.38.0, =1.45.0, =1.1.14, =1.20.2, =1.3.13, =3.8.1, =4.26.0 and more Source cves: CVE-2025-6547 Source advisory: OSV:GHSA-V62P-RQ8G-8H59...

9.1CVSS5.8AI score0.00387EPSS
Exploits0
Snyk
Snyk
added 2025/06/23 10:42 p.m.3 views

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the toBuffer function. An attacker can predict cryptographic keys that were generated using Uint8Array inputs on affected Node.js versions, leading to compromised security of derived...

9.1CVSS6.8AI score0.00387EPSS
Exploits0References2
OSV
OSV
added 2025/06/23 10:42 p.m.11 views

GHSA-V62P-RQ8G-8H59 pbkdf2 silently disregards Uint8Array input, returning static keys

Summary On historic but declared as supported Node.js versions 0.12-2.x, pbkdf2 silently disregards Uint8Array input This only affects Node.js = 0.12 and there seems to be ongoing effort in this repo to maintain that Support Uint8Array input input is typechecked against Uint8Array, and the error...

9.1CVSS5.9AI score0.00387EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/06/23 10:42 p.m.8 views

pbkdf2 silently disregards Uint8Array input, returning static keys

Summary On historic but declared as supported Node.js versions 0.12-2.x, pbkdf2 silently disregards Uint8Array input This only affects Node.js = 0.12 and there seems to be ongoing effort in this repo to maintain that Support Uint8Array input input is typechecked against Uint8Array, and the error...

9.1CVSS6.9AI score0.00387EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/06/23 10:41 p.m.7 views

org.webjars.npm:ethereum-cryptography (=0.1.3), org.webjars.npm:parse-asn1 (>=5.0.0 <=5.1.6) potentially affected by CVE-2025-6545 via org.webjars.npm:pbkdf2 (=3.1.2)

org.webjars.npm:pbkdf2 MAVEN version =3.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:pbkdf2 and may be impacted: - org.webjars.npm:ethereum-cryptography =0.1.3 - org.webjars.npm:parse-asn1 =5.0.0, =5.1.6 Source cves: CVE-2025-654...

9.1CVSS5.8AI score0.00359EPSS
Exploits0
OSV
OSV
added 2025/06/23 10:41 p.m.5 views

GHSA-H7CP-R72F-JXH6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos

Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...

9.1CVSS6.3AI score0.00359EPSS
Exploits0References5
NVD
NVD
added 2025/06/23 7:15 p.m.6 views

CVE-2025-6545

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...

9.1CVSS0.00359EPSS
Exploits0References3
Rows per page
Query Builder