
3147 matches found

CVE
added 2020/09/25 5:42 a.m. | 62 views

CVE-2020-26107

Summary: CVE-2020-26107 affects cPanel prior to 88.0.3, where an upgrade establishes predictable PowerDNS API keys, per multiple connected sources. Affected software: cPanel versions before 88.0.3. Root cause / vulnerability detail: During upgrade, the process creates predictable API keys for Pow...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01385
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/09/23 4:15 p.m. | 21 views

Default credentials

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the encrypted data relies on the password used; if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00327
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/09/18 3:15 p.m. | 5 views

CVE-2020-15958

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...

CVSS: 8.6 | AI score: 7.3 | EPSS: 0.02716
Exploits: 2 | References: 4

Prion
added 2020/09/18 3:15 p.m. | 18 views

Design/Logic Flaw

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...

CVSS: 5 | AI score: 8.3 | EPSS: 0.02716
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2020/09/18 2:32 p.m. | 33 views

CVE-2020-15958

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...

AI score: 8.4 | EPSS: 0.02716
Exploits: 2 | References: 4

Zero Day Initiative
added 2020/09/08 12:00 a.m. | 29 views

Mitsubishi Electric MELSEC iQ-F Predictable TCP Sequence Number Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mitsubishi Electric MELSEC iQ-F. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ACK packets. When generating ACK packets, the...

CVSS: 9.8 | AI score: 2.4 | EPSS: 0.0227
Exploits: 0 | References: 1

NVD
added 2020/09/04 12:15 p.m. | 39 views

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00529
Exploits: 0 | References: 1

AlpineLinux
added 2020/09/04 12:15 p.m. | 66 views

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

CVSS: 7.8 | AI score: 1 | EPSS: 0.00529
Exploits: 0

UbuntuCve
added 2020/09/04 12:15 p.m. | 28 views

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00529
Exploits: 0 | References: 4

OSV
added 2020/09/01 4:03 p.m. | 17 views

GHSA-V3JV-WRF4-5845 Local Privilege Escalation in npm

Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...

CVSS: 3.3 | AI score: 6.1 | EPSS: 0.00372
Exploits: 0 | References: 11

OpenVAS
added 2020/08/31 12:00 a.m. | 14 views

Huawei EulerOS: Security Advisory for libqb (EulerOS-SA-2020-1863)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00655
Exploits: 1 | References: 2

Tenable Nessus
added 2020/08/28 12:00 a.m. | 20 views

EulerOS 2.0 SP8 : libqb (EulerOS-SA-2020-1863)

According to the version of the libqb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /t...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.00655
Exploits: 1 | References: 2

RedhatCVE
added 2020/08/04 4:43 a.m. | 44 views

CVE-2020-16166

A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality. Mitigation: Mitigation for this issue is either not available or the currently available options don't mee...

CVSS: 4.3 | AI score: 1.2 | EPSS: 0.05228
Exploits: 0 | References: 3

Hacker One
added 2020/08/03 9:55 p.m. | 18 views

Mail.ru: Possible access to the car's photo and registration by its ID on [fleet.city-mobil.ru]

Car / driver's license photo cropped with built-in photo editor of fleet.city-mobil.ru could get a predictable name...

AI score: 2.6
Exploits: 0

Veracode
added 2020/06/24 3:08 a.m. | 32 views

Denial Of Service (DoS)

ntp is vulnerable to denial of service (DoS). The vulnerability exists because it uses highly predictable transmit timestamps, which could result in a time change or DoS...

CVSS: 7.4 | AI score: 1 | EPSS: 0.04071
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2020/06/18 2:15 p.m. | 11 views

CVE-2020-14423

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations...

CVSS: 5.3 | AI score: 6.9
Exploits: 0 | References: 3

Prion
added 2020/06/18 2:15 p.m. | 16 views

Design/Logic Flaw

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations...

CVSS: 5 | AI score: 5.4 | EPSS: 0.01059
Exploits: 0 | References: 3 | Affected Software: 1

Hacker One
added 2020/06/12 11:17 a.m. | 22 views

Mail.ru: [smena.samokat.ru] Predictable JWT secret

Default secret value was used for JWT generation by smena.samokat.ru. What can go wrong if JWT HS256 secret value is secret 😀...

AI score: 1.3
Exploits: 0

OSV
added 2020/06/03 5:15 p.m. | 5 views

CVE-2020-13784

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01296
Exploits: 1 | References: 2

CVE
added 2020/06/03 4:23 p.m. | 96 views

CVE-2020-13784

CVE-2020-13784 concerns the D-Link DIR-865L Ax router with firmware 1.20B01 Beta, where the pseudo-random number generator uses a predictable seed. The connected CNVD entry confirms a security feature issue vulnerability for the same device/firmware, citing the easily guessable PRNG seed as the u...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01296
Exploits: 1 | References: 2 | Affected Software: 1