Total
177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31101 | 1 Apache | 1 Inlong | 2023-05-27 | N/A | 6.5 MEDIUM |
| Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. | |||||
| CVE-2019-1950 | 1 Cisco | 34 1100-4p Integrated Services Router, 1100-8p Integrated Services Router, 1101-4p Integrated Services Router and 31 more | 2023-05-22 | 7.2 HIGH | 8.4 HIGH |
| A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier. | |||||
| CVE-2022-40468 | 1 Tinyproxy Project | 1 Tinyproxy | 2023-05-21 | N/A | 7.5 HIGH |
| Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function. | |||||
| CVE-2023-28978 | 1 Juniper | 1 Junos Os Evolved | 2023-05-02 | N/A | 5.3 MEDIUM |
| An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on awaiting build; 21.4-EVO versions prior to 21.4R3-S1-EVO; 22.2-EVO versions prior to 22.2R3-EVO; 21.2-EVO versions prior to 21.2R3-S5-EVO on pending commit???; 21.3-EVO version 21.3R1-EVO and later versions; 22.1-EVO version 22.1R1-EVO and later versions; 22.2-EVO versions prior to 22.2R2-S1-EVO. | |||||
| CVE-2018-10968 | 2 D-link, Dlink | 4 Dir-550a Firmware, Dir-604m Firmware, Dir-550a and 1 more | 2023-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. | |||||
| CVE-2021-35535 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2023-04-19 | 6.8 MEDIUM | 8.1 HIGH |
| Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions. | |||||
| CVE-2022-48432 | 1 Jetbrains | 1 Intellij Idea | 2023-04-01 | N/A | 8.8 HIGH |
| In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. | |||||
| CVE-2022-1278 | 1 Redhat | 8 Amq, Amq Online, Integration Camel K and 5 more | 2023-03-22 | N/A | 7.5 HIGH |
| A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | |||||
| CVE-2022-48342 | 1 Jetbrains | 1 Teamcity | 2023-03-03 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. | |||||
| CVE-2020-7685 | 1 Umbraco | 1 Umbraco Forms | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. | |||||
| CVE-2010-2247 | 1 Makepasswd Project | 1 Makepasswd | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| makepasswd 1.10 default settings generate insecure passwords | |||||
| CVE-2014-0234 | 1 Redhat | 1 Openshift | 2023-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | |||||
| CVE-2019-19340 | 1 Redhat | 2 Ansible Tower, Enterprise Linux | 2023-02-01 | 6.4 MEDIUM | 8.2 HIGH |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. | |||||
| CVE-2022-46831 | 1 Jetbrains | 1 Teamcity | 2022-12-12 | N/A | 4.9 MEDIUM |
| In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. | |||||
| CVE-2019-4169 | 1 Ibm | 6 Open Power, Power System 8335-gtc, Power System 8335-gtg and 3 more | 2022-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. | |||||
| CVE-2020-7729 | 3 Canonical, Debian, Gruntjs | 3 Ubuntu Linux, Debian Linux, Grunt | 2022-11-16 | 4.6 MEDIUM | 7.1 HIGH |
| The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | |||||
| CVE-2021-35965 | 1 Learningdigital | 1 Orca Hcm | 2022-10-27 | 10.0 HIGH | 9.8 CRITICAL |
| The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
| CVE-2021-21505 | 1 Dell | 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware | 2022-10-24 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges. | |||||
| CVE-2021-3586 | 1 Redhat | 2 Openshift Service Mesh, Servicemesh-operator | 2022-08-26 | N/A | 9.8 CRITICAL |
| A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2022-32480 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure. | |||||