566 matches found
CVE-2024-20056
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185...
CVE-2024-20056
CVE-2024-20056 affects MediaTek preloader: insecure default value enables local privilege escalation to SYSTEM, with no user interaction required. Patch ALPS08528185/ALPS08528185 issued; details on exploitation not provided in the connected docs.
CVE-2024-32114
A flaw was found in Apache ActiveMQ. This vulnerability contains an insecure default configuration in Jolokia and REST API, allowing any user to bypass security restrictions. The vulnerability exists due to missing authorization in the application's REST API. The default configuration doesn't...
CVE-2023-33806
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands...
Hikvision Interactive Tablet DS-D5B86RB/B security vulnerability
The Hikvision Interactive Tablet DS-D5B86RB/B is a 4K interactive display from Hikvision China. A security vulnerability exists in Hikvision Interactive Tablet DS-D5B86RB/B version V2.3.0 build220119, which stems from the presence of an insecure default configuration that allows an attacker to...
SUSE CVE-2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...
BIT-GHOST-2022-47195
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...
Default configuration
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product...
PT-2024-21246 · Unknown · Oet-213H-Bts1
Name of the Vulnerable Software and Affected Versions: OET-213H-BTS1 (affected versions not specified). Description: The issue concerns an insecure default vulnerability in the initialization of a resource. This allows a network-adjacent unauthenticated attacker to configure and control the affected...
Insecure Default Initialization of Resource
Overview: com.liferay.portal:com.liferay.portal.impl is a package that is part of Liferay. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the Liferay-Portal response header. An attacker can obtain sensitive version information by sending crafted HTTP...
USN-6638-1: EDK II vulnerabilities
Marc Beatove discovered buffer overflows exist in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765) It was discovered that a buffer overflow exists in EDK2's Network...
Ubuntu: Security Advisory (USN-6638-1)
The remote host is missing an update for the...
DEBIAN-CVE-2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
PT-2024-13784 · Canonical · Lxd
Name of the Vulnerable Software and Affected Versions: LXD (affected versions not specified). Description: The issue is related to an insecure default setting that allows the UEFI Shell in EDK2, which was left enabled in LXD. This setting enables an OS-resident attacker to bypass Secure Boot...
Google Pixel Watch elevation of privilege vulnerability
Google Pixel Watch is a smartwatch from the American company Google. Google Pixel Watch elevation of privilege vulnerability, which is due to an insecure default value flaw in the checkDebuggingDisabled function in DeviceVersionFragment.java, can be exploited by an attacker to gain elevate...
VulnCheck KEV: CVE-2023-27524
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions...
CVE-2023-48418
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
Google Pixel Watch security vulnerability
Google Pixel Watch is a smartwatch from the American company Google. Google Pixel Watch elevation of privilege vulnerability, which is due to an insecure default value flaw in the checkDebuggingDisabled function in DeviceVersionFragment.java, can be exploited by an attacker to gain elevate...