3096 matches found
CVE-2020-8631
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function...
Design/Logic Flaw
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function...
Design/Logic Flaw
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
Design/Logic Flaw
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
DEBIAN-CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
Default credentials
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
CVE-2013-4441
Pwgen 2.06’s Phonemes mode produces predictable passwords, enabling context-dependent attackers to brute-force-guess passwords. Affected: Pwgen 2.06; root cause: predictability in Phonemes mode. Remediation/patch details are not provided in the connected documents.
CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-1625)
The remote host is missing an update for the Huawei EulerOS...
Format string
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX...
Razer: Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking
The tester discovered a Razer Gold Thailand server was vulnerable to information disclosure due to the use of a predictable reference ID in application URLs which could lead to the ability to obtain phone numbers. Razer thanks the tester for his clear report...
Microsoft Windows Multiple Vulnerabilities (KB4534273)
This host is missing a critical security update according to Microsoft KB4534273...
Microsoft Windows Multiple Vulnerabilities (KB4528760)
This host is missing a critical security update according to Microsoft KB4528760...