Lucene search
K

8072 matches found

RubySec
RubySec
added 2022/05/17 12:0 a.m.18 views

Katello uses hard coded credential

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

9.8CVSS7.2AI score0.03002EPSS
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.18 views

hard-coded slippage may freeze user funds during market turbulence (resubmit to downgrade severity)

Lines of code Vulnerability details Impact GeneralVault.solL125 GeneralVault set a hardcoded slippage control of 99%. However, the underlying yield tokens price may go down. If Luna/UST things happen again, users' funds may get locked. LidoVault.solL130-L137 Moreover, the withdrawal of the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.7 views

hard-coded slippage may freeze user funds during market turbulence

Lines of code Vulnerability details Impact GeneralVault.solL125 GeneralVault set a hardcoded slippage control of 99%. However, the underlying yield tokens price may go down. If Luna/UST things happen again, users' funds may get locked. LidoVault.solL130-L137 Moreover, the withdrawal of the...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/14 1:17 a.m.34 views

Use of Hard-coded Cryptographic Key in Apache Tomcat

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

4.3CVSS4.2AI score0.0657EPSS
Exploits0References20Affected Software1
OSV
OSV
added 2022/05/13 8:15 p.m.6 views

CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...

7.5CVSS5.8AI score0.04397EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/13 8:15 p.m.6 views

CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...

7.5CVSS5.8AI score0.04397EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/05/13 8:15 p.m.24 views

Hardcoded credentials

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...

5CVSS7.5AI score0.04397EPSS
Exploits0References1Affected Software5
CNNVD
CNNVD
added 2022/05/13 12:0 a.m.3 views

SonicWall SMA1000 series 信任管理问题漏洞

The SonicWall SMA1000 series is a family of secure mobile access solutions from SonicWall USA, Inc. simplifies end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. A security vulnerability exists in SonicWall SMA1000 series firmware version...

7.5CVSS7.6AI score0.04397EPSS
Exploits0References3
OSV
OSV
added 2022/05/12 5:15 p.m.3 views

CVE-2022-27172

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...

8.8CVSS5.8AI score0.01003EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/05/12 5:1 p.m.6 views

CVE-2022-27172

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...

4.3CVSS8.6AI score0.01003EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/05/12 5:1 p.m.25 views

CVE-2022-27172

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...

4.3CVSS8.9AI score0.01003EPSS
Exploits1References2
CVE
CVE
added 2022/05/12 5:1 p.m.70 views

CVE-2022-27172

CVE-2022-27172 affects InHand Networks InRouter302 (V3.5.37). Talos and CNVD/CVE records confirm a hard-coded password vulnerability in the console infactory functionality that enables privileged operation execution when a crafted network sequence is sent. The vulnerability is demonstrated by a p...

8.8CVSS8.6AI score0.01003EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/12 12:0 a.m.3 views

PT-2022-2958 · Sonicwall · Sonicwall Sma1000

Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series firmware versions 12.4.0, 12.4.1-02965 and earlier Description: The issue is related to the use of a shared and hard-coded encryption key to store data. This could allow an attacker to disclose protected information...

7.5CVSS7.2AI score0.04397EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.303 views

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor

Exploit Title: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Exploit Author: LiquidWorm !/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com |...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/10 7:0 a.m.1 views

CVE-2022-30234

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

10CVSS7.5AI score0.01063EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.5 views

InHand Networks InRouter302 信任管理问题漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains a hard-coded credential vulnerability that could be exploited by an attacker to send specially crafted network requests that could lead to the execution of...

8.8CVSS5.9AI score0.01003EPSS
Exploits1References5
Talos
Talos
added 2022/05/10 12:0 a.m.57 views

InHand Networks InRouter302 console infactory hard-coded password vulnerability

Summary A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested...

8.8CVSS6.8AI score0.01003EPSS
Exploits1
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.5 views

Automation 360 信任管理问题漏洞

Automation 360 is a cloud-native end-to-end intelligent automation platform. A security vulnerability exists in Automation 360 version 22 that stems from a hard-coded encryption key that can decrypt exported RPA packages...

7.5CVSS7.3AI score0.0152EPSS
Exploits2References3
CNVD
CNVD
added 2022/04/28 12:0 a.m.17 views

Apache Doris Information Disclosure Vulnerability

Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...

7.5CVSS3.1AI score0.03137EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.6 views

Bender ebee 充电控制器 信任管理问题漏洞

The ebee is a charge controller from Bender. A security vulnerability exists in the Bender ebee Charge Controller that stems from the susceptibility to hard-coded credentials. An attacker may be able to use a password to gain administrative access to the Web UI. The following products and version...

9.8CVSS8.3AI score0.01012EPSS
Exploits0References2
Rows per page
Query Builder