
3096 matches found

Tenable Nessus
added 2020/08/28 12:0 a.m. | 20 views

EulerOS 2.0 SP8 : libqb (EulerOS-SA-2020-1863)

According to the version of the libqb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /t...

CVSS 7.1 | AI score 7.2 | EPSS 0.00655
Exploits: 1 | References: 2

RedhatCVE
added 2020/08/04 4:43 a.m. | 44 views

CVE-2020-16166

A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality. Mitigation: Mitigation for this issue is either not available or the currently available options don't mee...

CVSS 4.3 | AI score 1.2 | EPSS 0.05247
Exploits: 0 | References: 3

Hacker One
added 2020/08/03 9:55 p.m. | 17 views

Mail.ru: Possible access to the car's photo and registration by its ID on [fleet.city-mobil.ru]

Car / driver's license photo cropped with built-in photo editor of fleet.city-mobil.ru could get a predictable name...

AI score 2.6
Exploits: 0

Veracode
added 2020/06/24 3:8 a.m. | 31 views

Denial Of Service (DoS)

ntp is vulnerable to denial of service (DoS). The vulnerability exists because it uses highly predictable transmit timestamps, which could result in a time change or DoS...

CVSS 7.4 | AI score 1 | EPSS 0.04086
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2020/06/18 2:15 p.m. | 11 views

CVE-2020-14423

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 3

Prion
added 2020/06/18 2:15 p.m. | 16 views

Design/Logic Flaw

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations...

CVSS 5 | AI score 5.4 | EPSS 0.01059
Exploits: 0 | References: 3 | Affected Software: 1

Hacker One
added 2020/06/12 11:17 a.m. | 21 views

Mail.ru: [smena.samokat.ru] Predictable JWT secret

Default secret value was used for JWT generation by smena.samokat.ru. What can go wrong if JWT HS256 secret value is secret 😀...

AI score 1.3
Exploits: 0

OSV
added 2020/06/03 5:15 p.m. | 3 views

CVE-2020-13784

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...

CVSS 7.5 | AI score 7.1 | EPSS 0.01296
Exploits: 1 | References: 2

CVE
added 2020/06/03 4:23 p.m. | 95 views

CVE-2020-13784

CVE-2020-13784 concerns the D-Link DIR-865L Ax router with firmware 1.20B01 Beta, where the pseudo-random number generator uses a predictable seed. The connected CNVD entry confirms a security feature issue vulnerability for the same device/firmware, citing the easily guessable PRNG seed as the u...

CVSS 7.5 | AI score 7.5 | EPSS 0.01296
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2020/05/20 9:15 p.m. | 11 views

Default credentials

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different f...

CVSS 5 | AI score 7.6 | EPSS 0.00985
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/05/20 8:45 p.m. | 9 views

CVE-2020-5365

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different f...

CVSS 5.3 | AI score 7.7 | EPSS 0.00985
Exploits: 0 | References: 1

CVE
added 2020/05/20 8:45 p.m. | 37 views

CVE-2020-5365

CVE-2020-5365 affects Dell EMC Isilon OneFS versions 8.2.2 and earlier. The vulnerability arises from a pre‑configured remotesupport account with a predictable default password, allowing a remote attacker to compromise the system (per NVD/CNVD entries). CVSSv3.1 base score 7.5 (HIGH). Dell EMC’s ...

CVSS 7.5 | AI score 7.6 | EPSS 0.00985
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2020/05/13 7:15 p.m. | 4 views

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

CVSS 4.4 | AI score 5.9 | EPSS 0.00236
Exploits: 0 | References: 1

NVD
added 2020/05/13 7:15 p.m. | 16 views

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

CVSS 4.9 | AI score 4.5 | EPSS 0.00236
Exploits: 0 | References: 1

OSV
added 2020/05/13 4:15 p.m. | 1 views

CVE-2020-9502

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device...

CVSS 9.8 | AI score 7.3 | EPSS 0.01719
Exploits: 0 | References: 1

NVD
added 2020/05/13 4:15 p.m. | 16 views

CVE-2020-9502

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device...

CVSS 9.8 | AI score 9.4 | EPSS 0.01719
Exploits: 0 | References: 1

Cvelist
added 2020/05/13 3:21 p.m. | 16 views

CVE-2020-9502

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device...

AI score 9.4 | EPSS 0.01719
Exploits: 0 | References: 1

CVE
added 2020/05/13 3:21 p.m. | 71 views

CVE-2020-9502

CVE-2020-9502 affects some Dahua products built before December 2019 where Session IDs are predictable. This allows an attacker, with network access and no authentication or user interaction, to craft data packets to target devices. The available documents consistently describe the issue as predi...

CVSS 9.8 | AI score 9.2 | EPSS 0.01719
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2020/04/30 12:0 a.m. | 32 views

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1519)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.5 | AI score 5.9 | EPSS 0.01403
Exploits: 0 | References: 2

Tenable Nessus
added 2020/04/21 12:0 a.m. | 26 views

Scientific Linux Security Update : cups on 7.x i686/x86_64 (2020:1050)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:1050-1 advisory. In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. CVE-2018-4180,...

CVSS 7.8 | AI score 6.5 | EPSS 0.01841
Exploits: 1 | References: 3