3147 matches found
CVE-2020-26107
Summary: CVE-2020-26107 affects cPanel prior to 88.0.3, where an upgrade establishes predictable PowerDNS API keys, per multiple connected sources. Affected software: cPanel versions before 88.0.3. Root cause / vulnerability detail: During upgrade, the process creates predictable API keys for Pow...
Default credentials
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...
CVE-2020-15958
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...
Design/Logic Flaw
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...
CVE-2020-15958
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL...
Mitsubishi Electric MELSEC iQ-F Predictable TCP Sequence Number Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mitsubishi Electric MELSEC iQ-F. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ACK packets. When generating ACK packets, the...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
GHSA-V3JV-WRF4-5845 Local Privilege Escalation in npm
Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...
Huawei EulerOS: Security Advisory for libqb (EulerOS-SA-2020-1863)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : libqb (EulerOS-SA-2020-1863)
According to the version of the libqb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /t...
CVE-2020-16166
A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality. Mitigation Mitigation for this issue is either not available or the currently available options dont mee...
Mail.ru: Possible access to the car's photo and registration by its ID on [fleet.city-mobil.ru]
Car / driver's license photo cropped with built-in photo editor of fleet.city-mobil.ru could get a predictable name...
Denial Of Service (DoS)
ntp is vulnerable to denial of service DoS. The vulnerability exists as it is using highly predictable transmit timestamps could result in time change or DoS...
CVE-2020-14423
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOSLOCALSECRET value, affecting password resets and invitations...
Design/Logic Flaw
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOSLOCALSECRET value, affecting password resets and invitations...
Mail.ru: [smena.samokat.ru] Predictable JWT secret
Default secret value was used for JWT generation by smena.samokat.ru What can go wrong if JWT HS256 secret value is secret 😀...
CVE-2020-13784
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...
CVE-2020-13784
CVE-2020-13784 concerns the D-Link DIR-865L Ax router with firmware 1.20B01 Beta, where the pseudo-random number generator uses a predictable seed. The connected CNVD entry confirms a security feature issue vulnerability for the same device/firmware, citing the easily guessable PRNG seed as the u...