Lucene search
K

137 matches found

Tenable Nessus
Tenable Nessus
added 2013/04/04 12:0 a.m.28 views

SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)

The ruby interpreter received a fix for two security issues : - Ruby's $SAFE mechanism enables untrusted user codes to run in $SAFE = 4 mode. This is a kind of sandboxing so some operations are restricted in that mode to protect other data outside the sandbox. CVE-2012-4466 The problem found was...

5CVSS8.1AI score0.06671EPSS
Exploits3References10
OpenVAS
OpenVAS
added 2013/02/28 12:0 a.m.10 views

Nmap NSE 6.01: smb-system-info

Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won't get any, nor will anonymous. This goes for all operating systems, including Windows 2000...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2013/02/28 12:0 a.m.13 views

Nmap NSE 6.01: smbv2-enabled

Checks whether or not a server is running the SMBv2 protocol. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed to 'extended security'. Against most modern systems, extended security should work, but there may be cases where you want to force basic. There's a chance th...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2013/02/28 12:0 a.m.23 views

Nmap NSE 6.01: smb-enum-sessions

Enumerates the users logged into a system either locally or through an SMB share. The local users can be logged on either physically on the machine, or through a terminal services session. Connections to a SMB share are, for example, people connected to fileshares or making RPC calls. Nmap's...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2013/02/28 12:0 a.m.21 views

Nmap NSE 6.01: p2p-conficker

Checks if a host is infected with Conficker.C or higher, based on Conficker's peer to peer communication. When Conficker.C or higher infects a system, it opens four ports: two TCP and two UDP. The ports are random, but are seeded with the current week and the IP of the infected host. By determini...

Exploits0
OSV
OSV
added 2012/12/31 12:0 a.m.3 views

UBUNTU-CVE-2012-6702

Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...

5.9CVSS6.8AI score0.02371EPSS
Exploits0References5
Atlassian
Atlassian
added 2012/07/27 5:34 a.m.17 views

ValidationHash generation should use random.SystemRandom instead of random class

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47146. panel ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a rando...

0.1AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2012/03/19 7:0 p.m.20 views

CVE-2012-0808

as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...

6AI score0.0035EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2012/01/30 6:23 p.m.5 views

ruby: Properly initialize the random number generator when forking new process

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

5CVSS5.8AI score0.02088EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2011/12/05 7:38 p.m.5 views

ruby: Properly initialize the random number generator when forking new process

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

5CVSS5.8AI score0.02088EPSS
Exploits0References3
Prion
Prion
added 2011/08/05 10:55 p.m.21 views

Sql injection

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

5CVSS6.5AI score0.02088EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2011/08/05 10:55 p.m.4 views

CVE-2011-3009

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

5CVSS5.5AI score0.02088EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2011/08/05 10:55 p.m.34 views

CVE-2011-3009

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

5CVSS5.9AI score0.02088EPSS
Exploits0References1
Cvelist
Cvelist
added 2011/08/05 10:0 p.m.28 views

CVE-2011-3009

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

6.1AI score0.02088EPSS
Exploits0References6
CVE
CVE
added 2011/08/05 10:0 p.m.82 views

CVE-2011-3009

CVE-2011-3009 is confirmed in connected advisories as affecting Ruby before 1.8.6-p114, where the random seed is not reset on fork, enabling context-dependent prediction of random numbers (related to CVE-2003-0900). MiracleLinux advisories list this CVE among affected Ruby packages and indicate r...

5CVSS6.2AI score0.02088EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2011/08/05 9:55 p.m.19 views

CVE-2011-2686

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...

5CVSS6.2AI score0.02582EPSS
Exploits1References13
Prion
Prion
added 2011/08/05 9:55 p.m.22 views

Design/Logic Flaw

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...

5CVSS6.5AI score0.02582EPSS
Exploits1References13Affected Software1
UbuntuCve
UbuntuCve
added 2011/08/05 12:0 a.m.27 views

CVE-2011-2686

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...

5CVSS7.1AI score0.02582EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2011/08/05 12:0 a.m.3 views

PT-2011-4027 · Ruby +1 · Ruby +1

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 1.8.7-p352 Description: The issue makes it easier for attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process. This occurs because the rando...

7.8CVSS6.9AI score0.06671EPSS
Exploits4References42
OpenVAS
OpenVAS
added 2011/06/01 12:0 a.m.14 views

Nmap NSE net: stuxnet-detect

Detects whether a host is infected with the Stuxnet worm http://en.wikipedia.org/wiki/Stuxnet. An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed...

Exploits0
Rows per page
Query Builder