Code injection

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2019-2317

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2019-2317

CVE-2019-2317 is a vulnerability in Qualcomm Snapdragon components where the secret key used to generate the TCP Initial Sequence Number (ISN) in SYN packets can be brute-forced, enabling prediction of ISNs. Affected products include a wide range of Snapdragon platforms (Auto, Compute, Consumer I...

The vulnerability of the Gem::CommandManage module in the RubyGems package management system, due to insufficient protection, allows an attacker to compromise data integrity.

The vulnerability of the Gem::CommandManage module in the RubyGems package management system is related to insufficient protection. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise data integrity by using a specially crafted escape sequence...

The vulnerability of the Gem::UserInteraction module in the RubyGems package management system allows a hacker to compromise data integrity.

The vulnerability of the Gem::UserInteraction module in the RubyGems package management system is related to insufficient protection. Exploiting this vulnerability could allow a malicious actor to compromise data integrity by using a specially crafted escape sequence...

DEBIAN-CVE-2020-9366

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact...

GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection

Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

SUSE-SU-2020:0424-1 Security update for rsyslog

This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages bsc1153451. - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages bsc1153459. Non-security issues fixed: - Handle multiline...

Design/Logic Flaw

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets CSS token sequence. Hitachi Command Suite includes...

CVE-2018-21033

The CVE-2018-21033 vulnerability affects Hitachi Command Suite (and related products) prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00, and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00. The issue allows authenticated remote users to load an arbitrary CSS token sequen...

CVE-2018-14553

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd not bundled...

Pytm - A Pythonic Framework For Threat Modeling

Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram DFD, a Sequence Diagram and most important of all, threats to your system. Requirements Linux/MacOS Python 3.x Graphviz package Java...

CVE-2020-5319

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability an...

Virtuozzo 7 : readykernel-patch (VZA-2019-068)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - tcp: integer overflow while processing SACK blocks allows remote denial of service. An integer overflow was found in...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1069)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-1644)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for irssi (EulerOS-SA-2019-2477)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1932)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-1108

A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated...