3625 matches found
CVE-2020-10270 RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This...
Security Drift – The Silent Killer
Global spending on cybersecurity products and services is predicted to exceed $1 trillion over the five years from 2017 to 2021, with different analysts predicting the Compound Annual Growth Rate (CAGR) at anywhere between 8 and 15%. It is not surprising to see this growth in spendin...
Huawei Data Communication: SNMP agent usm-user password complexity check
Configure password complexity check for SNMPv3 users. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fooling NLP Systems Through Word Swapping
MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find...
CVE-2019-11745
A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
CVE-2019-19093
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords...
Design/Logic Flaw
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords...
CVE-2019-19093 ABB eSOMS: Password complexity issue
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords...
CVE-2019-19093
CVE-2019-19093 affects ABB eSOMS, specifically versions 4.0–6.0.3, where password complexity settings are not enforced. The root cause is weak password requirements, leading to insecure user credentials and potential impact to confidentiality and integrity. The connected documents confirm this CWE-521 wea...
CVE-2019-14833
A flaw was found in Samba in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASC...
PT-2020-10042 · Esoms · Esoms
Name of the Vulnerable Software and Affected Versions: eSOMS versions 4.0 to 6.0.3 Description: The issue is related to the lack of password complexity settings enforcement, potentially leading to lower access security due to insecure user passwords. Recommendations: For eSOMS versions 4.0 to...
Python -- multiple vulnerabilities
Python reports: gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic...
EulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2020-1270)
According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via...
Chrome Cookie Extraction
Extract cookies from Chrome using Chrome’s Remote Debugging Protocol. Recent assessments: 0xEmma at March 15, 2020 7:03pm UTC reported: Although this can lead to cookie leaks, the typical session cookie expires. And the complexity of this attack requires local access to a system, which, generally...
EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2020-1231)
According to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-1231)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2019-13011
An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute force, a user with access to a project, but not its repository, could create a list of merge request template names. It has excessive algorithmic complexity...