Lucene search

1111 matches found

Cvelist
added 2018/08/15 10:0 p.m. | 20 views

CVE-2017-13104 Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption

Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...

7.2 AI score | 0.00986 EPSS
Exploits 0 | References 1
CNVD
added 2018/07/04 12:0 a.m. | 4 views

Dialogic PowerMedia XMS Hard-Coded Encryption Key Vulnerability

Dialogic PowerMedia XMS is a suite of software multimedia servers for real-time communications from Dialogic, Inc. that provide real-time multimedia communication solutions for IMS, MRF, enterprise and WebRTC applications. A security vulnerability in the /var/www/xms/application/config/config.php...

9.8 CVSS | 9.5 AI score | 0.01999 EPSS
Exploits 1 | References 1
OSV
added 2018/07/03 5:29 p.m. | 5 views

CVE-2018-11635

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

9.8 CVSS | 5.8 AI score | 0.01999 EPSS
Exploits 1 | References 1
CNVD
added 2018/06/07 12:0 a.m. | 2 views

WUZHI CMS SQL Injection Vulnerability (CNVD-2018-11099)

WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, from China's WUZHI (five fingers) Internet technology company. A SQL injection vulnerability exists in the api/uc.php file in WUZHI CMS version 4.1.0, which stems from the use of hard-coded values for 'UCKEY'. A remote attacke...

9.8 CVSS | 8.5 AI score | 0.01537 EPSS
Exploits 1 | References 1
CNVD
added 2018/05/24 12:0 a.m. | 1 views

Trend Micro Email Encryption Gateway Authentication Vulnerability

Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. A security vulnerability exists in the DBCrypto class in Trend Micro TMEEG versi...

7 CVSS | 6.9 AI score | 0.00628 EPSS
Exploits 0 | References 1
CNVD
added 2018/05/09 12:0 a.m. | 6 views

TP-Link EAP Controller and Omada Controller Hardcoding Vulnerability

TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless access point (AP) devices. A security vulnerability exists in the Web application backup file in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows,...

7.5 CVSS | 7 AI score | 0.01206 EPSS
Exploits 3 | References 1
Packet Storm
added 2018/05/04 12:0 a.m. | 67 views

TP-Link EAP Controller CSRF / Hard-Coded Key / XSS

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...

0.5 AI score | 0.01572 EPSS
Exploits 7
OSV
added 2018/05/03 6:29 p.m. | 5 views

CVE-2018-10167

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...

7.5 CVSS | 5.8 AI score | 0.01206 EPSS
Exploits 3 | References 2
Cvelist
added 2018/05/03 6:0 p.m. | 25 views

CVE-2018-10167

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...

7.6 AI score | 0.01206 EPSS
Exploits 3 | References 2
CVE
added 2018/05/01 6:0 p.m. | 45 views

CVE-2017-14014

Summary of CVE-2017-14014 : The Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI before it is transferred to removable media. This creates a vulnerability (CWE-321: Use of Hard-coded Cryptographic Key) with CVSS3 base score 4.6 (vector AV:P/AC:L/PR...

4.6 CVSS | 4.7 AI score | 0.00398 EPSS
Exploits 0 | References 2 | Affected Software 1
Japan Vulnerability Notes
added 2018/01/12 6:32 a.m. | 2 views

AssetView and AssetView PLATINUM contain multiple vulnerabilities

Overview: AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below. Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866; Improper Input Validation (CWE-20) - CVE-2017-10867. Muneaki Nishimura of Recruit Technologies Co.,Ltd. RED TEAM reported...

8.8 CVSS | 7.5 AI score
Exploits 0 | References 6
OSV
added 2017/11/22 7:29 p.m. | 6 views

CVE-2017-2720

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses a hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...

5.3 CVSS | 5.8 AI score | 0.0071 EPSS
Exploits 0 | References 1
OSV
added 2017/11/01 2:29 a.m. | 6 views

CVE-2017-14021

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e,...

9.8 CVSS | 5.8 AI score | 0.01923 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2017/09/20 4:29 p.m. | 3 views

CVE-2017-9649

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External...

5.4 CVSS | 5.5 AI score | 0.00464 EPSS
Exploits 0 | References 3
CNVD
added 2017/08/29 12:0 a.m. | 3 views

Multiple Westermo devices hard-coded encryption key vulnerability

The Westermo MRD-305-DIN, MRD-315 and MRD-355 are all router products from Westermo, Sweden. A security vulnerability exists in multiple Westermo devices. An attacker could exploit the vulnerability to decode traffic from other sources...

7.5 CVSS | 7.8 AI score | 0.01532 EPSS
Exploits 0 | References 1
CNVD
added 2017/08/26 12:0 a.m. | 3 views

Multiple Westermo Routers Hardcoded Password Vulnerability

The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers are vulnerable to a hard-coded password vulnerability where the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...

7.1 AI score
Exploits 0 | References 1
OSV
added 2017/04/26 2:59 p.m. | 3 views

CVE-2017-6054

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

7.5 CVSS | 5.8 AI score | 0.02096 EPSS
Exploits 0 | References 3
CNVD
added 2017/04/12 12:0 a.m. | 3 views

Hardcoded Credentials Vulnerability in Multiple Foscam Devices

Foscam is the world's leading provider of home security IP cameras. A security vulnerability exists in the use of the same hard-coded SSL private key for Foscam networked devices across different customer installations. A remote attacker could utilize another installation with knowledge of this k...

8.1 CVSS | 6.9 AI score | 0.01682 EPSS
Exploits 0 | References 1
CNVD
added 2017/04/06 12:0 a.m. | 3 views

Schneider Modicon M221CE16R Hard-Coded Vulnerability

The Modicon M221CE16R is an all-in-one programmable controller from Schneider Electric Co. The Schneider Modicon M221CE16R is affected by a hard-coded key vulnerability: XML files are AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the X...

7 AI score
Exploits 0 | References 1
CNVD
added 2017/02/28 12:0 a.m. | 1 views

Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hard-Coded Encryption Key Vulnerability

Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches are both industrial Ethernet managed switches from Red Lion Controls, USA. A hard-coded encryption key vulnerability exists in Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 and earlier...

6.8 AI score
Exploits 0 | References 1