7 matches found
uuid buffer error vulnerability
uuid is a JavaScript module developed by UUID, which allows for the generation of RFC-compliant UUIDs in JavaScript. Versions of uuid prior to 14.0.0 contained a buffer error vulnerability. This vulnerability stems from functions v3, v5, and v6 accepting external output buffers without rejecting...
Fickling missing RCE-capable modules in UNSAFE_IMPORTS
Assessment: The modules uuid, _osx_support and _aix_support were added to the blocklist of unsafe imports: https://github.com/trailofbits/fickling/commit/ffac3479dbb97a7a1592d85991888562d34dd05b. Original report. Summary: fickling's UNSAFE_IMPORTS blocklist is missing at least 3 stdlib modules that provid...
GHSA-5HWF-RC88-82XM Fickling missing RCE-capable modules in UNSAFE_IMPORTS
Assessment: The modules uuid, _osx_support and _aix_support were added to the blocklist of unsafe imports: https://github.com/trailofbits/fickling/commit/ffac3479dbb97a7a1592d85991888562d34dd05b. Original report. Summary: fickling's UNSAFE_IMPORTS blocklist is missing at least 3 stdlib modules that provid...
Linux Distros Unpatched Vulnerability : CVE-2021-29499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifier...
UBUNTU-CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...
Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8851
Summary: Unsafe fallback to Math.random in module node-uuid, used by the npm package management tool. Vulnerability Details: CVE-ID: CVE-2015-8851 Description: node.js node-uuid could provide weaker than expected security, caused by the use of Math.random instead of a more cryptographically sound source of...
Security Bulletin: node-uuid unsafe fallback to Math.random affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux (CVE-2015-8851)
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. A vulnerability in the node-uuid module causes the module to...