3096 matches found

Prion
added 2024/01/02 7:15 p.m. · 13 views

Code injection

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl suite...

CVSS 5 · AI score 7.1 · EPSS 0.00487
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/01/02 6:32 p.m. · 12 views

CVE-2022-3010 Predictable SSH credentials in Priva TopControl Suite

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl suite...

CVSS 7.5 · AI score 7.7 · EPSS 0.00487
Exploits 0 · References 3

Vulnrichment
added 2024/01/02 6:32 p.m. · 1 views

CVE-2022-3010 Predictable SSH credentials in Priva TopControl Suite

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl suite...

CVSS 7.5 · AI score 7.6 · EPSS 0.00487
Exploits 0 · References 3

Positive Technologies
added 2024/01/02 12:00 a.m. · 8 views

PT-2024-11551 · Priva · Priva Topcontrol Suite

Name of the Vulnerable Software and Affected Versions: Priva TopControl Suite (affected versions not specified)
Description: The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. This makes it possible for an attacker to calculate the login...

CVSS 7.5 · AI score 7.3 · EPSS 0.00487
Exploits 0 · References 7

OSV
added 2023/12/27 8:15 p.m. · 3 views

CVE-2023-40038

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit...

CVSS 8.8 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 2

Prion
added 2023/12/27 8:15 p.m. · 15 views

Default credentials

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit...

CVSS 5.8 · AI score 7.3 · EPSS 0.00322
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/12/27 12:00 a.m. · 43 views

CVE-2023-40038

The CVE-2023-40038 entry concerns Arris DG860A and DG1670A devices with predictable default WPA2 PSKs. The root issue is a derivation scheme that combines the first 6 characters of the SSID and the last 6 characters of the BSSID (with the last digit decremented), yielding easily guessable credent...

CVSS 8.8 · AI score 8.6 · EPSS 0.00322
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/12/27 12:00 a.m. · 19 views

CVE-2023-40038

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit...

AI score 8.9 · EPSS 0.00322
Exploits 0 · References 2

OpenVAS
added 2023/12/15 12:00 a.m. · 13 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3421)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 6.7 · EPSS 0.01564
Exploits 0 · References 2

Cvelist
added 2023/11/30 5:55 p.m. · 18 views

CVE-2023-6376 Henschen & Associates court document management software cache uses predictable file names

Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents...

CVSS 5.3 · AI score 7.7 · EPSS 0.01057
Exploits 1 · References 4

RedHat Linux
added 2023/11/07 8:38 a.m. · 3 views

c-ares: Insufficient randomness in generation of DNS query IDs

A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable; c-ares will then use rand to generate random numbers used for DNS query IDs. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...

CVSS 6.5 · AI score 5.7 · EPSS 0.00897
Exploits 0 · References 5

Tenable Nessus
added 2023/11/07 12:00 a.m. · 27 views

RHEL 9 : c-ares (RHSA-2023:6635)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6635 advisory. The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides a name resolving API. The following packages have been...

CVSS 8.6 · AI score 6.8 · EPSS 0.01232
Exploits 1 · References 13

SUSE CVE
added 2023/10/31 2:48 a.m. · 3 views

SUSE CVE-2015-5287

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump...

CVSS 6.9 · AI score 7.1 · EPSS 0.03314
Exploits 17 · References 2

ATTACKERKB
added 2023/10/19 10:15 a.m. · 2 views

CVE-2022-26943

The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited...

CVSS 8.8 · AI score 5.9 · EPSS 0.00314
Exploits 0 · References 2

Tenable Nessus
added 2023/10/16 12:00 a.m. · 33 views

Ubuntu 18.04 ESM : Bundler vulnerability (USN-4870-1)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4870-1 advisory. It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for...

CVSS 7.8 · AI score 7.2 · EPSS 0.00525
Exploits 0 · References 2

ATTACKERKB
added 2023/09/12 12:15 p.m. · 1 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

CVSS 6.5 · AI score 6.6 · EPSS 0.00263
Exploits 0 · References 5

Prion
added 2023/09/12 12:15 p.m. · 24 views

Hardcoded credentials

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

CVSS 6.4 · AI score 6.5 · EPSS 0.00263
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2023/09/12 12:00 a.m. · 15 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

AI score 6.7 · EPSS 0.00263
Exploits 0 · References 4

Positive Technologies
added 2023/09/12 12:00 a.m. · 3 views

PT-2023-20985 · Xpand It · Xpand It Write-Back Manager

Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back manager version 2.3.1
Description: The issue arises from the use of a hardcoded salt in the license class configuration, leading to the generation of hardcoded and predictable symmetric encryption keys for license generati...

CVSS 6.5 · AI score 6.3 · EPSS 0.00263
Exploits 0 · References 8

OpenVAS
added 2023/09/11 12:00 a.m. · 25 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2780)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 · AI score 6.5 · EPSS 0.00936
Exploits 0 · References 2