Vulnerabilities (CVE)

Filtered by CWE-1188
Total 177 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-20342 1 Google 1 Android 2022-08-16 N/A 3.3 LOW
In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-143534321
CVE-2021-38759 1 Raspberrypi 1 Raspberry Pi Os Lite 2022-07-12 10.0 HIGH 9.8 CRITICAL
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
CVE-2021-0468 1 Google 1 Android 2022-07-12 4.4 MEDIUM 6.6 MEDIUM
In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-180427272
CVE-2020-12732 1 Depstech 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware 2022-07-12 3.3 LOW 6.5 MEDIUM
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678.
CVE-2021-44480 1 Wokkalokka 2 Wokka Watch Q50, Wokka Watch Q50 Firmware 2022-07-12 9.3 HIGH 8.1 HIGH
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.
CVE-2021-28123 1 Cohesity 1 Cohesity Dataplatform 2022-07-12 7.5 HIGH 9.8 CRITICAL
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can provide an attacker access to the Linux system in the affected version.
CVE-2021-35336 1 Tieline 2 Ip Audtio Gateway, Ip Audtio Gateway Firmware 2022-07-12 7.5 HIGH 9.8 CRITICAL
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
CVE-2021-42109 1 Vitec 19 Avediastream M9305, Avediastream M9305 Firmware, Avediastream M9325 and 16 more 2022-07-12 10.0 HIGH 9.8 CRITICAL
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
CVE-2022-31806 1 Codesys 2 Plcwinnt, Runtime Toolkit 2022-07-07 6.8 MEDIUM 9.8 CRITICAL
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
CVE-2021-39767 1 Google 1 Android 2022-06-05 4.6 MEDIUM 7.8 HIGH
In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-201308542
CVE-2021-0114 1 Intel 1064 Atom C3000, Atom C3308, Atom C3336 and 1061 more 2022-05-03 7.2 HIGH 6.7 MEDIUM
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2020-24365 1 Gemteks 4 Wrtm-127acn, Wrtm-127acn Firmware, Wrtm-127x9 and 1 more 2022-04-28 9.0 HIGH 8.8 HIGH
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)
CVE-2020-14011 1 Lansweeper 1 Lansweeper 2022-04-26 7.5 HIGH 9.8 CRITICAL
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
CVE-2020-10279 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more 20 Mir100, Mir1000, Mir1000 Firmware and 17 more 2022-04-25 7.5 HIGH 9.8 CRITICAL
MiR robot controllers (central computation unit) make use of Ubuntu 16.04.2, an operating system intended for desktop use; this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.
CVE-2021-41192 1 Redash 1 Redash 2022-03-29 3.5 LOW 6.5 MEDIUM
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, one should follow the steps to secure the instance, outlined in the GitHub Security Advisory.
CVE-2021-0144 1 Intel 1064 Atom C3000, Atom C3308, Atom C3336 and 1061 more 2022-02-24 7.2 HIGH 6.7 MEDIUM
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2019-1804 1 Cisco 26 Nexus 93108tc-ex, Nexus 93108tc-ex Firmware, Nexus 93120tx and 23 more 2021-11-03 10.0 HIGH 9.8 CRITICAL
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.
CVE-2019-7476 1 Sonicwall 1 Global Management System 2021-11-03 6.8 MEDIUM 8.1 HIGH
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.
CVE-2021-40825 1 Acuitybrands 2 Nlight Eclypse System Controller, Nlight Eclypse System Controller Firmware 2021-10-04 5.0 MEDIUM 8.6 HIGH
nLight ECLYPSE (nECY) system controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorView™ configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller.
CVE-2019-14222 1 Alfresco 1 Alfresco 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.