
8071 matches found

CNNVD
added 2022/04/13 12:0 a.m., 5 views

Citrix SD-WAN Trust Management Issue Vulnerability

Citrix SD-WAN is a networking product from Citrix, Inc. It virtualizes and optimizes enterprise site-to-site networks. A security vulnerability exists in Citrix SD-WAN that stems from hard-coded credentials that allow administrators to access the shell via the SD-WAN CLI...

CVSS 6.8, AI score 5.3, EPSS 0.00633
Exploits: 0, References: 2

ATTACKERKB
added 2022/04/12 6:45 p.m., 3 views

CVE-2022-27506

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI...

CVSS 6.8, AI score 5.9, EPSS 0.00633
Exploits: 0, References: 2

NVD
added 2022/04/12 6:15 p.m., 22 views

CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline...

CVSS 7.1, EPSS 0.00176
Exploits: 0, References: 1

OSV
added 2022/04/12 6:15 p.m., 5 views

CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline...

CVSS 5.5, AI score 5.8, EPSS 0.00176
Exploits: 0, References: 1

CVE
added 2022/04/12 5:50 p.m., 82 views

CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x–9.1.x is affected by a vulnerability due to hard coded credentials that allow a locally authenticated attacker to log in as the admin user to the backend Ethernet switch of a PowerScale cluster, potentially taking the switch offline. Root cause: hard coded credenti...

CVSS 7.1, AI score 5.4, EPSS 0.00176
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/04/12 5:50 p.m., 18 views

CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline...

CVSS 7.1, AI score 7, EPSS 0.00176
Exploits: 0, References: 1

Citrix
added 2022/04/12 12:0 a.m., 92 views

Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506

Vulnerabilities have been discovered in multiple Citrix SD-WAN products. These vulnerabilities, if exploited, could result in the following security issues:

CVE-ID| Description| CWE| Affected Products| Pre-conditions
---|---|---|---|---
CVE-2022-27505| Reflected cross site scripting (XSS)| CWE-79:...

CVSS 6.1, AI score 5.4, EPSS 0.00633
Exploits: 0

CNVD
added 2022/04/08 12:0 a.m., 22 views

Fortinet FortiEDR Trust Management Issue Vulnerability (CNVD-2022-47976)

Fortinet FortiEDR is a scratch-built endpoint security solution from Fortinet U.S.A. Fortinet FortiEDR is vulnerable to a trust management issue that stems from the use of hard-coded encrypted RSA keys, which can be exploited by local attackers to disable and offload collectors from endpoints in...

CVSS 7.8, AI score 2.8, EPSS 0.0019
Exploits: 0, References: 1

OSV
added 2022/04/07 7:15 p.m., 4 views

CVE-2022-26671

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service...

CVSS 7.3, AI score 5.8
Exploits: 0, References: 1

NVD
added 2022/04/07 7:15 p.m., 19 views

CVE-2022-26671

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service...

CVSS 7.5, EPSS 0.00938
Exploits: 0, References: 1

Cvelist
added 2022/04/07 6:22 p.m., 43 views

CVE-2022-26671 TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service...

CVSS 7.3, AI score 7.2, EPSS 0.00938
Exploits: 0, References: 1

CVE
added 2022/04/07 6:22 p.m., 81 views

CVE-2022-26671

CVE-2022-26671 affects Taiwan Secom Dr.ID Access Control system’s login page, where a hard-coded credential in the source code allows an unauthenticated remote attacker to obtain partial system information and modify system settings, causing partial service disruption. The available connected doc...

CVSS 7.5, AI score 7, EPSS 0.00938
Exploits: 0, References: 1, Affected Software: 2

CNNVD
added 2022/04/07 12:0 a.m., 7 views

Taiwan Secom Dr.ID Access control Trust Management Issue Vulnerability

Taiwan Secom Dr.ID Access control is an access control system from Taiwan Secom Corporation in Taiwan, China. A security vulnerability exists in the Taiwan Secom Dr.ID Access control system due to a hard-coded credential in the source code of the login page. An unauthenticated remote attacker cou...

CVSS 7.5, AI score 7.5, EPSS 0.00938
Exploits: 0, References: 2

BDU FSTEC
added 2022/04/07 12:0 a.m., 5 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to increase their privileges.

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, stems from the use of hard-coded user credentials. Exploiting this vulnerability could all...

CVSS 7.1, AI score 7.7, EPSS 0.00931
Exploits: 0, References: 2

ICS
added 2022/04/07 12:0 a.m., 148 views

Pepperl+Fuchs WirelessHART-Gateway

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Pepperl+Fuchs Equipment: WirelessHART-Gateway Vulnerabilities: Use of Hard-coded Credentials, Uncontrolled Resource Consumption, Reliance on Reverse DNS Resolution for a Security-critical Action, Path...

CVSS 9.8, AI score 8.6, EPSS 0.99019
Exploits: 20, References: 5

ATTACKERKB
added 2022/04/06 10:15 a.m., 5 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8, AI score 7.1, EPSS 0.0019
Exploits: 0, References: 2

OSV
added 2022/04/06 10:15 a.m., 7 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8, AI score 7.1, EPSS 0.0019
Exploits: 0, References: 1

NVD
added 2022/04/06 10:15 a.m., 21 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8, EPSS 0.0019
Exploits: 0, References: 1

Vulnrichment
added 2022/04/06 9:30 a.m., 10 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8, AI score 6.5, EPSS 0.0019
Exploits: 0, References: 1

Cvelist
added 2022/04/06 9:30 a.m., 24 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVSS 7.8, AI score 7.6, EPSS 0.0019
Exploits: 0, References: 1