
3095 matches found

CVE
added 2019/10/08 2:35 p.m., 35 views

CVE-2019-17105

Centreon Web prior to 2.8.27 is affected by CVE-2019-17105 where the token generator in index.php is predictable. The issue is documented as a predictable token generator, enabling potential token guessing that could enable unauthorized access or session-related abuse. Connected sources also desc...

CVSS 5.3 | AI score 5.3 | EPSS 0.01581
Exploits 0 | References 3 | Affected Software 1
WPVulnDB
added 2019/10/07 12:0 a.m., 10 views

Export Users to CSV < 1.4 - Unauthorised CSV Access

The plugin exports a CSV file containing sensitive user data. The generated files are stored in a public directory with a predictable filename based on a Unix timestamp. CSV files are discoverable either through enumeration or path traversal. Export Users to CSV does not provide visibility over...

AI score 1.8
Exploits 0 | References 1 | Affected Software 1
NVD
added 2019/10/02 7:15 p.m., 23 views

CVE-2019-12737

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials...

CVSS 5.3 | AI score 6.4 | EPSS 0.0068
Exploits 0 | References 1
OSV
added 2019/10/02 7:15 p.m., 19 views

CVE-2019-12737

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials...

CVSS 5.3 | AI score 6.9
Exploits 0 | References 1
Prion
added 2019/10/02 7:15 p.m., 17 views

Command injection

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials...

CVSS 5 | AI score 5.3 | EPSS 0.0068
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/10/02 6:47 p.m., 28 views

CVE-2019-12737

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials...

AI score 6.4 | EPSS 0.0068
Exploits 0 | References 1
Tenable Nessus
added 2019/09/30 12:0 a.m., 28 views

Debian DLA-1936-1 : cups security update

An issue has been found in cups, the Common UNIX Printing System(TM). While generating a session cookie for the CUPS web interface, a predictable random number seed was used. This could lead to unauthorized scripted access to the enabled web interface. For Debian 8 'Jessie', this problem has been...

CVSS 5.9 | AI score 6.3 | EPSS 0.01841
Exploits 1 | References 3
CNVD
added 2019/09/27 12:0 a.m., 1 views

CloudBees Jenkins Aqua MicroScanner Plugin Elevation of Privilege Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Dependency Graph Viewer Plugin is used in...

CVSS 5.3 | AI score 7.3 | EPSS 0.00771
Exploits 0 | References 1
OSV
added 2019/09/23 11:15 p.m., 14 views

CVE-2019-10754

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...

CVSS 8.1 | AI score 6.8
Exploits 0 | References 5
NVD
added 2019/09/23 11:15 p.m., 17 views

CVE-2019-10755

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...

CVSS 4.9 | AI score 5.2 | EPSS 0.0113
Exploits 0 | References 1
NVD
added 2019/09/23 11:15 p.m., 10 views

CVE-2019-10754

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...

CVSS 8.1 | AI score 8.1 | EPSS 0.01751
Exploits 1 | References 5
OSV
added 2019/09/23 11:15 p.m., 16 views

CVE-2019-10755

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...

CVSS 4.9 | AI score 6.8
Exploits 0 | References 1
Prion
added 2019/09/23 11:15 p.m., 16 views

Code injection

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...

CVSS 5.5 | AI score 8 | EPSS 0.01751
Exploits 1 | References 5 | Affected Software 1
CVE
added 2019/09/23 10:9 p.m., 110 views

CVE-2019-10754

CVE-2019-10754 affects Apereo CAS before release 6.1.0-RC5. The root cause is the use of apache commons-lang3’s RandomStringUtils for token and ID generation, whose PRNG is not cryptographically strong, making generated values predictable. This predictability can enable an attacker to infer token...

CVSS 8.1 | AI score 8 | EPSS 0.01751
Exploits 1 | References 5 | Affected Software 1
CNVD
added 2019/09/19 12:0 a.m., 4 views

Dell RSA BSAFE Crypto-J Encryption Issue Vulnerability

Dell RSA BSAFE Crypto-J is RSA's FIPS-validated Java cryptographic module. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5. An attacker could exploit this vulnerability to force both parties to compute the same predictable shared key...

CVSS 6.5 | AI score 9.1 | EPSS 0.01681
Exploits 0 | References 1
OSV
added 2019/09/18 11:15 p.m., 2 views

CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key...

CVSS 6.5 | AI score 6.8 | EPSS 0.01681
Exploits 0 | References 8
Prion
added 2019/09/18 11:15 p.m., 16 views

Design/Logic Flaw

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key...

CVSS 4.3 | AI score 7.6 | EPSS 0.01681
Exploits 0 | References 8 | Affected Software 16
Cvelist
added 2019/09/18 10:23 p.m., 17 views

CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key...

CVSS 6.5 | AI score 7.7 | EPSS 0.01681
Exploits 0 | References 8
NVD
added 2019/08/18 5:15 p.m., 13 views

CVE-2019-15130

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitmentonline/personalData/actpersonaltab.cfm multiple-part POST request with a predictable WRC01USERID...

CVSS 10 | AI score 9.5 | EPSS 0.02405
Exploits 1 | References 1
Cvelist
added 2019/08/18 4:23 p.m., 11 views

CVE-2019-15130

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitmentonline/personalData/actpersonaltab.cfm multiple-part POST request with a predictable WRC01USERID...

AI score 9.5 | EPSS 0.02405
Exploits 1 | References 1