Lucene search
K

137 matches found

Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.8 views

PT-2025-35608

Name of the Vulnerable Software and Affected Versions: Realtek rtl81xx SDK Wi-Fi Driver rtwlanu affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the...

8.8CVSS8.7AI score0.00137EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2025/09/02 12:0 a.m.7 views

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS7.6AI score0.00137EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.7 views

Realtek RTL8811AU 安全漏洞

The Realtek RTL8811AU is a controller chip from Realtek Semiconductor Realtek, a Chinese company. A security vulnerability exists in the Realtek RTL8811AU that stems from insufficient validation of the N6CSetDOT11CIPHERDEFAULTKEY function, which could lead to local elevation of privilege...

7.8CVSS7.3AI score0.00137EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.16 views

CVE-2024-10748

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...

4.7CVSS5.9AI score0.00264EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:18 a.m.7 views

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

9.8CVSS6.8AI score0.00874EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:49 p.m.7 views

CVE-2022-30325

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker...

8.8CVSS7AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2024/11/04 1:15 a.m.4 views

CVE-2024-10748

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...

4.7CVSS4.7AI score0.00264EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/11/04 12:31 a.m.52 views

CVE-2024-10748 Cosmote Greece What's Up App Realm Database RealmDB.java default key

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...

2.5CVSS0.00264EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/04 12:31 a.m.12 views

CVE-2024-10748 Cosmote Greece What's Up App Realm Database RealmDB.java default key

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...

2.5CVSS6.8AI score0.00264EPSS
Exploits1References4
CVE
CVE
added 2024/11/04 12:31 a.m.46 views

CVE-2024-10748

Cosmote Greece What’s Up App 4.47.3 (Android) is affected by CVE-2024-10748 in the Realm Database Handler. The issue arises from manipulating the defaultRealmKey in RealmDB.java, causing use of a default cryptographic key. Local access is required; attack complexity is high and exploitation is co...

4.7CVSS4AI score0.00264EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/02 12:0 a.m.7 views

PT-2024-16512 · Cosmote Greece · Cosmote Greece What'S Up App

Name of the Vulnerable Software and Affected Versions: Cosmote Greece What's Up App version 4.47.3 Description: A problematic issue has been found in the Cosmote Greece What's Up App, affecting the Realm Database Handler component, specifically the file gr/desquared/kmmsharedmodule/db/RealmDB.jav...

4.7CVSS4.2AI score0.00264EPSS
Exploits1References9
OSV
OSV
added 2024/08/28 6:15 a.m.7 views

CVE-2024-39584

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution...

8.2CVSS6AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.5 views

Rapid7 Insight Agent 安全漏洞

Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability that stems from the use of a key that does not follow the principle of least privilege by default, allowing a local attacker...

6.8CVSS6.7AI score0.00172EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.6 views

Helm 安全漏洞

Helm is a Kubernetes package manager. A security vulnerability exists in Helm version 0.1.143 up to and including 0.2.182, which stems from the creation of personal access tokens using a default key...

9.1CVSS6.7AI score0.00605EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.8 views

PT-2024-2477

Name of the Vulnerable Software and Affected Versions datahub-helm versions 0.1.143 through 0.2.181 Description The issue is related to the use of a default cryptographic key in the helm chart for deploying Datahub in a Kubernetes cluster. If there was a successful initial deployment during a...

9.4CVSS6.7AI score0.00605EPSS
Exploits0References10
Arista
Arista
added 2024/02/20 12:0 a.m.45 views

Security Advisory 0092

Security Advisory 0092 PDF Date: February 20, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 20, 2024 | Initial release CVSSv3.1 Base Score: 9.8 CVSS:3.1AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Common Weakness Enumeration: CWE-1394 Use of default cryptographic key This vulnerability is bein...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.5 views

Yealink Config Encrypt Tool Security Vulnerability

YeaLink Yealink Config Encrypt Tool is a configuration encryption tool from China YeaLink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from a possible decryption risk when encrypting Autop deployment files with a default key...

7.5CVSS6.7AI score0.00444EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/21 12:0 a.m.6 views

Ubee DDW365 XCNDDW365 Security Vulnerability

Ubee DDW365 XCNDDW365 is a wireless router. A security vulnerability exists in the Ubee DDW365 XCNDDW365. An attacker can exploit this vulnerability to obtain the default WPA2-PSK value by observing beacon frames...

8.8CVSS6.7AI score0.00483EPSS
Exploits0References2
OSV
OSV
added 2023/12/15 12:15 p.m.5 views

CVE-2023-33221

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you...

9.8CVSS5.8AI score0.01032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.6 views

PT-2023-24231 · Desfire · Desfire

Name of the Vulnerable Software and Affected Versions: DesFire affected versions not specified Description: The function that reads the card isn't properly checking the boundaries when copying internally the data received, allowing a heap-based buffer overflow. This could lead to a potential Remo...

9.8CVSS9.7AI score0.01032EPSS
Exploits0References4
Rows per page
Query Builder