7766 matches found

Code423n4
added 2021/10/13 12:0 a.m., 11 views

Number of prizes math is wrong

Handle cmichel Vulnerability details The math described in Splitting the prizes and implemented in DrawCalculator.numberOfPrizesForIndex seems to be wrong. Assuming a bit range of 4 (16 possibilities per position) and cardinality of 8. Note that degree is determined by the first position where it...

6.7 AI score
Exploits: 0
Code423n4
added 2021/10/13 12:0 a.m., 9 views

The formula of number of prizes for a degree is wrong

Handle WatchPug Vulnerability details The formula of the number of prizes for a degree per the document: is: Number of prizes for a degree = 2^bit range^degree - 2^bit range^degree-1 - 2^bit range^degree-2 - ... Should be changed to: Number of prizes for a degree = 2^bit range^degree - 2^bit...

6.8 AI score
Exploits: 0
CNNVD
added 2021/10/13 12:0 a.m., 3 views

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS contains a security vulnerability that arises from a cyclic flaw in the Juniper Networks Junos O...

6.5 CVSS, 6.6 AI score, 0.00391 EPSS
Exploits: 0, References: 4
Exploit DB
added 2021/10/13 12:0 a.m., 309 views

Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH)

Exploit Title: Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root Telnet/SSH Date: 21.09.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.cypress.bc.ca !/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor:...

7.4 AI score
Exploits: 0
Fedora
added 2021/10/12 11:46 p.m., 44 views

[SECURITY] Fedora 34 Update: flatpak-1.10.5-1.fc34

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information...

8.8 CVSS, 0.5 AI score, 0.00406 EPSS
Exploits: 0
Packet Storm
added 2021/10/11 12:0 a.m., 342 views

Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root

!/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: CTM-ONE 1.3.6-latest CTM-ONE 1.3.1 CTM-ONE 1.1.9 CTM200 2.7.1.5659-latest CTM200 2.0.5.3356-184 Summar...

0.3 AI score
Exploits: 0
Zero Science Lab
added 2021/10/10 12:0 a.m., 402 views

Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)

Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...

9.3 CVSS, 7.3 AI score, 0.00282 EPSS
Exploits: 1
Debian
added 2021/10/08 8:56 p.m., 125 views

[SECURITY] [DSA 4982-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4982-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 08, 2021 https://www.debian.org/security/faq -...

9.8 CVSS, 9.9 AI score, 0.99999 EPSS
Exploits: 5
ThreatPost
added 2021/10/06 6:11 p.m., 47 views

ESPecter Bootkit Malware Haunts Victims with Persistent Espionage

A rare Windows UEFI bootkit malware has been discovered, offering attackers a path to cyber-espionage, researchers are warning. According to ESET, the bootkit’s goal is to install a full featured backdoor on a target PC, which “supports a rich set of commands and contains various automatic data...

7.7 AI score
Exploits: 0, References: 5
OSV
added 2021/10/05 9:15 p.m., 3 views

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see...

6.5 CVSS, 5.8 AI score, 0.00949 EPSS
Exploits: 1, References: 1
NVD
added 2021/10/05 9:15 p.m., 12 views

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see...

6.5 CVSS, 0.00949 EPSS
Exploits: 1, References: 1
Cvelist
added 2021/10/05 8:50 p.m., 23 views

CVE-2021-3436 BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see...

4.3 CVSS, 6.8 AI score, 0.00949 EPSS
Exploits: 1, References: 1
CVE
added 2021/10/05 8:50 p.m., 45 views

CVE-2021-3436

CVE-2021-3436 affects Zephyr RTOS. The vulnerability allows overwriting an existing bond during the keys distribution phase if the identity address of the bond is known. Affected releases include Zephyr versions >= 1.14.2, >= 2.4.0, and >= 2.5.0, with the issue categorized under CWE-694 ...

6.5 CVSS, 5.5 AI score, 0.00949 EPSS
Exploits: 1, References: 1, Affected Software: 1
CloudLinux
added 2021/10/05 2:7 p.m., 56 views

Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619

Add Oracle Linux distribution in platform.py - CVE-2018-20852: Prefix dot in domain for proper subdomain validation - CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client - CVE-2020-26116: http.client allows CRLF injection if...

9.8 CVSS, 7.3 AI score, 0.08235 EPSS
Exploits: 3, References: 1
CNNVD
added 2021/10/05 12:0 a.m., 3 views

Zephyr Security Vulnerability

Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation in the United States. Zephyr suffers from a security vulnerability that stems from the ability to overwrite an existing key during the key distribution phase when the identity address of the key is know...

6.5 CVSS, 6.5 AI score, 0.00949 EPSS
Exploits: 1, References: 2
Debian
added 2021/10/03 6:26 p.m., 70 views

[SECURITY] [DSA 4980-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4980-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 03, 2021 https://www.debian.org/security/faq -...

8.5 CVSS, 8.8 AI score, 0.02904 EPSS
Exploits: 1
Malwarebytes
added 2021/09/30 4:1 p.m., 28 views

Android Trojan GriftHorse, the gift horse you definitely should look in the mouth

Researchers at Zimperium have discovered an aggressive mobile premium services campaign with over 10 million victims all over the world. The stolen amount could amass hundreds of millions of Euros. The scam was hidden behind malicious Android apps, and the researchers have named the Trojan...

6.8 AI score
Exploits: 0
NVD
added 2021/09/30 11:15 a.m., 28 views

CVE-2021-41299

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in...

10 CVSS, 0.01989 EPSS
Exploits: 1, References: 1
Prion
added 2021/09/30 11:15 a.m., 22 views

Hardcoded credentials

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in...

10 CVSS, 9.4 AI score, 0.01989 EPSS
Exploits: 1, References: 1
Microsoft Malware Protection
added 2021/09/21 3:0 p.m., 22 views

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the operations that enabled the campaign: a large-scale...

7.4 AI score
Exploits: 0