net/eternalterminal -- Multiple vulnerabilities

Mitre reports: etserver and etclient have predictable logfile names in /tmp and they are world-readable logfiles...

CVE-2023-22599

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...

CVE-2023-22599

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...

CVE-2023-22599

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...

InHand Networks InRouter302 安全漏洞

The InHand Networks InRouter302 is an LTE cellular router from InHand Networks, Inc. A security vulnerability exists in the InHand Networks InRouter302 version prior to V3.5.56, InRouter615 version prior to V2.3.0.r5542, which stems from a one-way hash algorithm that uses predictable Salt...

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator prng. The attack may be...

CVE-2016-15006

The CVE-2016-15006 vulnerability affects enigmaX up to version 2.2, specifically the getSeed function in Scrambling Table Handler (main.c). The issue causes a predictable PRNG seed, with remote attack potential. Exploitation is described as difficult, but a fix exists in version 2.3, with patch i...

PT-2023-24655 · Salt-Ssh +3 · Salt-Ssh +3

Name of the Vulnerable Software and Affected Versions: Salt-SSH affected versions not specified Description: The issue concerns a predictable script path in the Salt-SSH pre-flight option, allowing an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and...

CVE-2021-4238

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

CVE-2016-15005 Cryptographically weak random number generation in github.com/dinever/golf

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...

CVE-2021-4277

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshotsync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...

CVE-2021-4277

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshotsync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshotsync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...

CVE-2021-4277 fredsmith utils Filename screenshot_sync predictable state

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshotsync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...

CVE-2021-4277 fredsmith utils Filename screenshot_sync predictable state

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshotsync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is...

Siemens APOGEE/TALON Field Panels

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE PXC/TALON TC Vulnerabilities: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack...

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X days. By default today and yesterday DAYS = 1 will be checked. If a valid session token is...

SUSE: Security Advisory (SUSE-SU-2022:4378-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:4378-1 Security update for rabbitmq-server

This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption bsc1205267...

GHSA-HC4J-7MQG-CXJJ PHPServerMon PRNG has Insufficient Entropy

A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may b...