3096 matches found
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
Integer overflow
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
Node.js 安全特征问题漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in versions of Node.js prior to version 3.2.1 that stems from the crypto-js package generating random numbers by concatenating strings, but using integers, which makes the output predictable...
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
CVE-2020-36732
CVE-2020-36732 affects crypto-js used in IBM-related deployments. The underlying issue: crypto-js versions before 3.2.1 for Node.js generate random numbers by concatenating the string "0." with an integer, yielding less randomness than expected. The NVD metrics show a base score of 5.3 (Medium) w...
PT-2023-11874
Name of the Vulnerable Software and Affected Versions: crypto-js versions prior to 3.2.1 Description: The issue concerns the generation of random numbers in the crypto-js package. Specifically, it concatenates the string "0." with an integer, making the output more predictable than necessary...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
Design/Logic Flaw
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
imapsync 后置链接漏洞
imapsync is imapsync open source an IMAP transport tool. A security vulnerability exists in imapsync that stems from the use of predictable paths under /tmp and /var/tmp in its default mode of operation, which can be exploited by an attacker to modify imapsync's cache and overwrite files belongin...
PT-2023-24735 · Imapsync · Imapsync
Name of the Vulnerable Software and Affected Versions: imapsync versions through 2.229 Description: The issue concerns the use of predictable paths under /tmp and /var/tmp in the default mode of operation. Since these paths are typically world-writable, an attacker can modify imapsync's cache and...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
AZL-34776 CVE-2023-31147 affecting package grpc for versions less than 1.62.0-2
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
DEBIAN-CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...