Total: 134 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5367 | 1 Hp | 1 Intelligent Management Center | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
CVE-2018-17497 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | |||||
CVE-2019-16102 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | |||||
CVE-2019-2043 | 1 Google | 1 Android | 2024-02-04 | 6.9 MEDIUM | 7.3 HIGH |
In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120484087. | |||||
CVE-2019-1804 | 1 Cisco | 26 Nexus 93108tc-ex, Nexus 93108tc-ex Firmware, Nexus 93120tx and 23 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. | |||||
CVE-2018-19275 | 1 Mitel | 2 Cmg Suite, Inattend | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | |||||
CVE-2019-5497 | 1 Netapp | 3 Aff A700s, Aff A700s Firmware, Clustered Data Ontap | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | |||||
CVE-2018-17485 | 1 Jollytech | 1 Lobby Track | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | |||||
CVE-2019-7668 | 1 Primasystems | 1 Flexair | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Prima Systems FlexAir devices have Default Credentials. | |||||
CVE-2019-15304 | 1 Progradegrill | 2 Wifi Grilling Thermometer, Wifi Grilling Thermometer Firmware | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and requires excessive permissions to operate, such as fine GPS location, camera, app lists, serial number, and IMEI. In addition to the "backdoor" login access for "admin" purposes, the accompanying app also establishes connections with several China-based URLs, including Alibaba cloud computing. NOTE: this device also ships with ProGrade branding. | |||||
CVE-2019-5490 | 1 Netapp | 2 Clustered Data Ontap, Service Processor | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Certain versions between 2.x and 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. | |||||
CVE-2019-4169 | 1 Ibm | 6 Open Power, Power System 8335-gtc, Power System 8335-gtg and 3 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM Open Power Firmware OP910 and OP920 could allow access to the BMC via IPMI using the default OpenBMC password even after the BMC password was changed away from the default password. IBM X-Force ID: 158702. | |||||
CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with the default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | |||||
CVE-2019-2131 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119115683. | |||||
CVE-2018-20052 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command. | |||||
CVE-2018-1524 | 1 Ibm | 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. | |||||
CVE-2018-15685 | 1 Electronjs | 1 Electron | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. | |||||
CVE-2018-3825 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known. | |||||
CVE-2018-15350 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. | |||||
CVE-2018-10605 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take full control of the RTU using default credentials to connect to the RTU. |