Total
134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35535 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions. | |||||
| CVE-2021-34795 | 1 Cisco | 10 Catalyst Pon Switch Cgp-ont-1p, Catalyst Pon Switch Cgp-ont-1p Firmware, Catalyst Pon Switch Cgp-ont-4p and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-41192 | 1 Redash | 1 Redash | 2024-02-04 | 3.5 LOW | 6.5 MEDIUM |
| Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET or REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, should follow the steps to secure the instance, outlined in the GitHub Security Advisory. | |||||
| CVE-2021-44480 | 1 Wokkalokka | 2 Wokka Watch Q50, Wokka Watch Q50 Firmware | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
| Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. | |||||
| CVE-2021-40825 | 1 Acuitybrands | 2 Nlight Eclypse System Controller, Nlight Eclypse System Controller Firmware | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
| nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorViewTM configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller. | |||||
| CVE-2021-0534 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170639543 | |||||
| CVE-2021-35965 | 1 Learningdigital | 1 Orca Hcm | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
| CVE-2021-0114 | 1 Intel | 1064 Atom C3000, Atom C3308, Atom C3336 and 1061 more | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0144 | 1 Intel | 1064 Atom C3000, Atom C3308, Atom C3336 and 1061 more | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-21505 | 1 Dell | 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges. | |||||
| CVE-2021-28123 | 1 Cohesity | 1 Cohesity Dataplatform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version. | |||||
| CVE-2021-35336 | 1 Tieline | 2 Ip Audtio Gateway, Ip Audtio Gateway Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. | |||||
| CVE-2021-0468 | 1 Google | 1 Android | 2024-02-04 | 4.4 MEDIUM | 6.6 MEDIUM |
| In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-180427272 | |||||
| CVE-2020-12732 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | |||||
| CVE-2020-12327 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24365 | 1 Gemteks | 4 Wrtm-127acn, Wrtm-127acn Firmware, Wrtm-127x9 and 1 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.) | |||||
| CVE-2020-8705 | 1 Intel | 3 Converged Security And Manageability Engine, Server Platform Services, Trusted Execution Technology | 2024-02-04 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. | |||||
| CVE-2020-26930 | 1 Netgear | 2 Ex7700, Ex7700 Firmware | 2024-02-04 | 5.5 MEDIUM | 3.8 LOW |
| NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | |||||
| CVE-2020-0416 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585 | |||||
| CVE-2019-13393 | 1 Netgear | 2 Cg3700b, Cg3700b Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. | |||||