50 matches found
CVE-2022-25219
CVE-2022-25219/25218 describe a flaw in the telnetd_startup routine where the use of RSA without padding (or OAEP) enables an unauthenticated attacker on the local network to influence the decrypted plaintext via crafted UDP packets, potentially gaining a root shell. The 25219 issue centers on a ...
Fortinet FortiPortal Security Feature Issue Vulnerability
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for use by MSPs. versions, a security feature issue vulnerability exists that stems from the use o...
CVE-2021-32033
CVE-2021-32033 affects Protectimus SLIM NFC 70 with firmware 10.01. The root cause is that the device’s internal real-time clock (RTC) can be set independently from the TOTP seed, without authentication, allowing an attacker with short-term physical access to set the clock forward, generate futur...
CVE-2020-27020
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information for example, time of password generation...
Amazon Linux AMI : cloud-init (ALAS-2021-1486)
The version of cloud-init installed on the remote host is prior to 0.7.6-43.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1486 advisory. A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1519)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
DEBIAN-CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
Default credentials
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
Pwgen 2.06’s Phonemes mode produces predictable passwords, enabling context-dependent attackers to brute-force-guess passwords. Affected: Pwgen 2.06; root cause: predictability in Phonemes mode. Remediation/patch details are not provided in the connected documents.
Default credentials
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose wi...
Default credentials
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI...
UBUNTU-CVE-2017-18021
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI...
DEBIAN-CVE-2017-18021
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI...
Trust Management Vulnerability in Multiple Arris Devices (CNVD-2015-07832)
The Arris DG860A, TG862A and TG862G are modem products from the Arris Group of Companies. A security vulnerability exists in a number of Arris devices that stems from the program's use of predictable technician passwords. The vulnerability can be exploited by a remote attacker to gain access via...
CVE-2009-5149
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue...