3096 matches found

GithubExploit
added 2023/09/08 6:15 a.m. | 431 views

Exploit for Insecure Default Initialization of Resource in Apache Superset

CVE-2023-27524: Apache Superset Auth Bypass and RCE Apache Su...

9.8 CVSS | 9.8 AI score | 0.97405 EPSS
Exploits 20
Tenable Nessus
added 2023/09/07 12:0 a.m. | 28 views

Oracle Linux 9 : samba (ELSA-2023-2519)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2519 advisory. - resolves: rhbz2154373 - Fix CVE-2022-38023 - Fix CVE-2022-1615 GnuTLS gnutlsrnd can fail and give predictable random values - resolves: rhbz2108332 - Fix...

9 CVSS | 7.4 AI score | 0.74042 EPSS
Exploits 3 | References 2
NVD
added 2023/09/01 1:15 a.m. | 13 views

CVE-2023-4695

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

9.6 CVSS | 8.6 AI score | 0.00605 EPSS
Exploits 1 | References 2
Prion
added 2023/09/01 1:15 a.m. | 16 views

Code injection

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

5.5 CVSS | 8.1 AI score | 0.00605 EPSS
Exploits 1 | References 2 | Affected Software 1
OSV
added 2023/09/01 12:0 a.m. | 16 views

CVE-2023-4695 Use of Predictable Algorithm in Random Number Generator in pkp/pkp-lib

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

9.6 CVSS | 9 AI score | 0.00605 EPSS
Exploits 1 | References 4
CNNVD
added 2023/09/01 12:0 a.m. | 4 views

PKP Web Application Library Security Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A security vulnerability exists in the PKP Web Application Library prior to version 3.3.0-16, which...

9.6 CVSS | 6.8 AI score | 0.00605 EPSS
Exploits 1 | References 3
Zero Day Initiative
added 2023/08/21 12:0 a.m. | 22 views

SonicWALL GMS Virtual Appliance HttpDigestAuthenticator Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpDigestAuthenticator class. The issue results from a predictable...

6.5 CVSS | 6.8 AI score | 0.40891 EPSS
Exploits 2 | References 1
Cvelist
added 2023/08/03 11:44 p.m. | 29 views

CVE-2023-3373

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections session hijacking ...

5.9 CVSS | 9.3 AI score | 0.00754 EPSS
Exploits 0 | References 3
ICS
added 2023/08/03 6:0 a.m. | 32 views

Mitsubishi Electric GOT2000 and GOT SIMPLE

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series and GOT SIMPLE Series Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

9.1 CVSS | 9 AI score | 0.00754 EPSS
Exploits 0 | References 10
Positive Technologies
added 2023/08/03 12:0 a.m. | 3 views

PT-2023-9782 · Mitsubishi · Got2000 Series +1

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior Mitsubishi Electric Corporation GOT SIMPLE Series GS21 model versions 01.49.000 and prior Description: The issue is related to a Predictable Exact Value fr...

9.1 CVSS | 9 AI score | 0.00754 EPSS
Exploits 0 | References 6
Positive Technologies
added 2023/08/03 12:0 a.m. | 3 views

PT-2023-8395

Name of the Vulnerable Software and Affected Versions EDK2 affected versions not specified Description The EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number, which can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of...

9.1 CVSS | 8.3 AI score | 0.77901 EPSS
Exploits 4 | References 281
Prion
added 2023/08/02 4:15 p.m. | 14 views

Default credentials

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information...

3.6 CVSS | 6.1 AI score | 0.00168 EPSS
Exploits 0 | References 1 | Affected Software 19
NVD
added 2023/08/02 1:15 p.m. | 26 views

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

7.5 CVSS | 7.5 AI score | 0.00995 EPSS
Exploits 0 | References 4
Cvelist
added 2023/08/02 12:23 p.m. | 17 views

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

7.5 CVSS | 7.7 AI score | 0.00995 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2023/08/02 12:0 a.m. | 23 views

Moxa IKS, EDS Uncontrolled Resource Consumption (CVE-2019-6559)

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

6.5 CVSS | 6.5 AI score | 0.02448 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/08/02 12:0 a.m. | 22 views

Moxa IKS, EDS Out-of-Bounds Read (CVE-2019-6522)

Moxa IKS and EDS fail to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. This plugin only works with Tenable.ot. Please visit...

9.1 CVSS | 8.4 AI score | 0.02518 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/08/02 12:0 a.m. | 22 views

Moxa IKS, EDS Predictable From Observable State (CVE-2019-6563)

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

10 CVSS | 8.4 AI score | 0.01733 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/08/02 12:0 a.m. | 13 views

Moxa IKS, EDS Improper Restriction of Excessive Authentication Attempts (CVE-2019-6524)

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

9.8 CVSS | 8.4 AI score | 0.0271 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/08/02 12:0 a.m. | 26 views

Moxa IKS, EDS Buffer Copy Without Checking Size of Input (CVE-2019-6557)

Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

9.8 CVSS | 9.1 AI score | 0.04971 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/07/20 12:0 a.m. | 24 views

Oracle Linux 8 : nodejs:16 (ELSA-2023-4034)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4034 advisory. nodejs 1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 Tenable has extracted the...

7.5 CVSS | 6.6 AI score | 0.01564 EPSS
Exploits 0 | References 5