Vulnerabilities (CVE)

Filtered by CWE-1188
Total 157 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7729 2 Debian, Gruntjs 2 Debian Linux, Grunt 2024-02-04 4.6 MEDIUM 7.1 HIGH
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVE-2020-10279 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more 20 Mir100, Mir1000, Mir1000 Firmware and 17 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.
CVE-2020-14011 1 Lansweeper 1 Lansweeper 2024-02-04 7.5 HIGH 9.8 CRITICAL
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
CVE-2020-7685 1 Umbraco 1 Umbraco Forms 2024-02-04 5.0 MEDIUM 7.5 HIGH
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.
CVE-2020-16873 2 Google, Microsoft 2 Chrome, Xamarin.forms 2024-02-04 6.8 MEDIUM 4.7 MEDIUM
<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p>
CVE-2014-0234 1 Redhat 1 Openshift 2024-02-04 7.5 HIGH 9.8 CRITICAL
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
CVE-2019-2197 1 Google 1 Android 2024-02-04 2.1 LOW 5.5 MEDIUM
In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-138529441
CVE-2019-4621 1 Ibm 1 Datapower Gateway 2024-02-04 6.8 MEDIUM 9.8 CRITICAL
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.
CVE-2019-17274 1 Netapp 6 All Flash Fabric-attached Storage A400, All Flash Fabric-attached Storage A400 Firmware, Fabric-attached Storage 8300 and 3 more 2024-02-04 7.2 HIGH 7.8 HIGH
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
CVE-2019-1950 1 Cisco 34 1100-4p Integrated Services Router, 1100-8p Integrated Services Router, 1101-4p Integrated Services Router and 31 more 2024-02-04 7.2 HIGH 8.4 HIGH
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.
CVE-2010-2247 1 Makepasswd Project 1 Makepasswd 2024-02-04 5.0 MEDIUM 7.5 HIGH
makepasswd 1.10 default settings generate insecure passwords
CVE-2019-19340 1 Redhat 2 Ansible Tower, Enterprise Linux 2024-02-04 6.4 MEDIUM 8.2 HIGH
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
CVE-2019-16272 1 Dten 4 D5, D5 Firmware, D7 and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.
CVE-2008-3278 1 Redhat 2 Enterprise Linux, Frysk 2024-02-04 4.6 MEDIUM 7.8 HIGH
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.
CVE-2019-19251 1 Last.fm 1 Last.fm Desktop 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.
CVE-2019-11618 1 Doorgets 1 Doorgets Cms 2024-02-04 7.5 HIGH 9.8 CRITICAL
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.
CVE-2019-7476 1 Sonicwall 1 Global Management System 2024-02-04 6.8 MEDIUM 8.1 HIGH
A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.
CVE-2019-2041 1 Google 1 Android 2024-02-04 6.9 MEDIUM 7.3 HIGH
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.
CVE-2019-2120 1 Google 1 Android 2024-02-04 7.2 HIGH 7.8 HIGH
In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130821293.
CVE-2019-7252 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
Linear eMerge E3-Series devices have Default Credentials.