Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19750 PUBLISHED: 2019-12-12
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
CVE-2019-4606 PUBLISHED: 2019-12-12
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-For...
CVE-2019-16246 PUBLISHED: 2019-12-12
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.
CVE-2019-17358 PUBLISHED: 2019-12-12
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP ...
CVE-2019-17428 PUBLISHED: 2019-12-12
An issue was discovered in Intesync Solismed 3.3sp1. A flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.
User Rank: Strategist
9/17/2014 | 11:28:16 AM
I use a passwordcard (easily found on the web), and only have to remember the starting row/column for the password. On sites which permit password hints, that is all the info I need. Only I know if I'm parsing UP/DOWN/Left/Diagonal, Knightwise, etc. And I know how many characters I'm using - more than 8, less than 50.
I've used the same process when sending secured data to someone who does not have a valid PGP key on my keychain. Share a passwordcard with them, email the starting location and pattern, and encrypt the 7Z using that password. Cumbersome, but unfortunately easy security is easily defeated.