3095 matches found
EulerOS Virtualization 3.0.1.0 : libxslt (EulerOS-SA-2019-1606)
According to the versions of the libxslt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access...
ntp -- Multiple vulnerabilities
nwtime.org reports: Three ntp vulnerabilities, depending on configuration, may have little impact up to termination of the ntpd process. NTP Bug 3610: Processcontrol should exit earlier on short packets. On systems that override the default and enable ntpdc mode 7 fuzz testing detected that a sho...
EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-1592)
According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon...
DEBIAN-CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
PYSEC-2019-185
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
Code injection
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error...
CVE-2019-11323
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error...
CVE-2019-11323
HAProxy before 1.9.7 is vulnerable due to mishandling a reload with rotated keys, triggering the use of uninitialized, highly predictable HMAC keys in ssl_sock.h. This can lead to disclosure of HMAC keys. Public exploit details are not provided in the documents. The IBM Aspera IBM pages note fixe...
Rockwell Automation/Allen-Bradley MicroLogix Controllers <= 16.00 Predictable Value Range
Schneider Electric Modicon PLCs Predictable Value Range
Siemens WinCC and SIMATIC HMI Panels < 11.0.2.1 Multiple Vulnerabilities
Denial Of Service (DoS) CPU Consumption
mingw32-libxml2 is vulnerable to denial of service. The attack exists because it uses a predictable hashing function, allowing intentional collisions, and does not prevent the attacker from inputting a malicious message to an XML service, resulting in longer processing time, which could lead to a denial of...
CVE-2019-11641
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system...
EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-1318)
According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon...
EulerOS Virtualization 2.5.4 : rpm (EulerOS-SA-2019-1210)
According to the version of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a...
Design/Logic Flaw
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way...
The vulnerability of the microprogramming software used in Moxa EDS and IKS switches allows an intruder to gain unauthorized access to protected information.
The vulnerability of Moxa EDS and IKS microcontroller software lies in the use of a predictable cookie file during hashing. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information...
DEBIAN-CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
PYSEC-2019-187
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...