GHSA-FJ24-GHP9-39V3 Ansible uses a socket with predictable filename in /tmp

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

GHSA-PWJQ-6WRH-5W8Q Withdrawn Advisory: OnionShare Predictable Pathname

Withdrawn Advisory This advisory has been withdrawn because the advisory concerns the repository https://github.com/onionshare/onionshare, which is not in a supported ecosystem. onionshare-cli is not affected by this issue. Original Description The debugmode function in web/web.py in OnionShare...

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

GHSA-MPMX-GM5V-Q789 Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

GHSA-C4MC-49HQ-Q275 Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

GHSA-382V-GXJ9-FFHC Moodle uses predictable password-recovery tokens

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mtrand function to implement the randomstring and complexrandomstring functions, which makes it easier for remote attackers to predict password-recovery tokens via a...

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

Design/Logic Flaw

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

GHSA-8MVW-22R7-W6FQ ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

OpenSSL 3.0.0 < 3.0.3 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.3 advisory. - The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed has...

GHSA-JG2X-R643-W2CH Jetty Uses Predictable Session Identifiers

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possib...

CVE-2022-1318

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if the...

Hardcoded credentials

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if the...

CVE-2022-1318 Hills ComNav Inadequate Encryption Strength

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if the...

CVE-2022-27863

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...