
8070 matches found

CNNVD
added 2022/01/12 12:0 a.m., 6 views

Jenkins Warnings Next Generation path traversal vulnerability

Jenkins Warnings Next Generation is an open source plugin for Jenkins. The plugin is used to collect compiler warnings or problems reported by static analysis tools and visualize the results. A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...

CVSS 8.1, AI score 7.7, EPSS 0.01939
Exploits: 0, References: 6
CNNVD
added 2022/01/12 12:0 a.m., 4 views

Schneider Electric Easergy P5 trust management issue vulnerability

The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. The Schneider Electric Easergy P5 is vulnerable to a trust management issue, which exists due to the presence of hard-coded credentials in the application code. An...

CVSS 7.5, AI score 5.6, EPSS 0.02371
Exploits: 0, References: 5
OSV
added 2022/01/11 7:15 p.m., 2 views

CVE-2021-43052

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

CVSS 7.5, AI score 7.1, EPSS 0.00854
Exploits: 0, References: 2
Prion
added 2022/01/11 7:15 p.m., 16 views

Authentication flaw

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

CVSS 5, AI score 7.7, EPSS 0.00854
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/01/11 6:25 p.m., 18 views

CVE-2021-43052 TIBCO FTL Secret Generation Vulnerability

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

CVSS 9.3, AI score 9.6, EPSS 0.00854
Exploits: 0, References: 2
OSV
added 2022/01/11 12:15 p.m., 6 views

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

CVSS 8.8, AI score 7.2
Exploits: 0, References: 1
Malwarebytes
added 2022/01/11 11:52 a.m., 12 views

Night Sky: the new corporate ransomware demanding a sky high ransom

There's a new ransomware in town—isn't there always?—and it's, unsurprisingly, after corporation-sized businesses. It's called Night Sky, and it was first spotted and revealed by MalwareHunterTeam, a group on Twitter who hunts malware online, on the first day of 2022. First day of the year, and a new...

AI score 6.8
Exploits: 0
Cvelist
added 2022/01/11 11:27 a.m., 16 views

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

AI score 8.6, EPSS 0.00906
Exploits: 0, References: 1
CNNVD
added 2022/01/11 12:0 a.m., 3 views

Siemens SICAM A8000 CP-8000 trust management issue vulnerability

The SICAM A8000 is used for automation applications in all areas of remote control and energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000, which can be exploited by an attacker to enable the debug port using default credentials...

CVSS 8.8, AI score 5.7, EPSS 0.00906
Exploits: 0, References: 4
CNNVD
added 2022/01/11 12:0 a.m., 5 views

TIBCO Software FTL trust management issue vulnerability

TIBCO FTL is an application-to-application messaging system from Tibco USA, Inc., designed for low latency and high performance. TIBCO FTL suffers from a trust management issue vulnerability that stems from hard-coded secrets used in the default domain server, which can be exploited by attackers t...

CVSS 9.3, AI score 5.6, EPSS 0.00854
Exploits: 0, References: 4
ICS
added 2022/01/11 12:0 a.m., 52 views

Siemens SICAM A8000

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user...

CVSS 8.8, AI score 8.5, EPSS 0.02307
Exploits: 2, References: 11
Github Security Blog
added 2022/01/08 12:43 a.m., 44 views

Use of Hard-coded Credentials in Apache Kylin

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5, AI score 2.8, EPSS 0.0208
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2022/01/08 12:43 a.m., 25 views

GHSA-9FJ5-JG6F-QG5R Use of Hard-coded Credentials in Apache Kylin

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5, AI score 7.5, EPSS 0.0208
Exploits: 0, References: 7
CNNVD
added 2022/01/04 12:0 a.m., 6 views

ControlUp Real-Time Agent trust management issue vulnerability

ControlUp Real-Time Agent is a real-time agent from Controlup, Inc. A security vulnerability exists in ControlUp Real-Time Agent that stems from a hard-coded key in ControlUp Real-Time Agent versions prior to 8.2.5 that allows potential attackers to exploit the vulnerability to run operating syst...

CVSS 9, AI score 7.1, EPSS 0.01008
Exploits: 0, References: 2
CNVD
added 2022/01/04 12:0 a.m., 15 views

D-Link DIR-2640 trust management issue vulnerability

D-Link DIR-2640 is a high-powered Wi-Fi router from D-Link, a Taiwan-based company. D-Link DIR-2640 Quagga 1.11B02 and previous versions are vulnerable to a trust management issue, which stems from the use of default hard-coded credentials for the service, and can be exploited by remote attackers...

CVSS 8.8, AI score 5.9, EPSS 0.04289
Exploits: 1, References: 1
CNVD
added 2022/01/03 12:0 a.m., 15 views

Netgear RAX43 has an unspecified vulnerability (CNVD-2022-02648)

Netgear RAX43 is a wireless router from Netgear USA. A security vulnerability exists in Netgear RAX43, which stems from the use of hard-coded credentials. Because the configuration backup is encrypted, it appears that an ordinary user is not intended to be able to manipulate the configuration...

CVSS 8.8, AI score 2, EPSS 0.005
Exploits: 0, References: 1
CNVD
added 2022/01/03 12:0 a.m., 19 views

Trendnet AC2600 TEW-827DRU Trust Management Issue Vulnerability

The Trendnet AC2600 TEW-827DRU is a wireless router that has a security vulnerability that could be exploited by attackers to back up and restore device configurations through the management web interface. The devices are encrypted using the hard-coded password "12345678"...

CVSS 9.8, AI score 4.3, EPSS 0.01899
Exploits: 1, References: 1
OSV
added 2021/12/30 10:15 p.m., 5 views

CVE-2021-20132

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both are running with root privileges on the router, i.e., as the "admin" user, UID 0...

CVSS 8.8, AI score 5.8, EPSS 0.04289
Exploits: 1, References: 1
CVE
added 2021/12/30 9:30 p.m., 58 views

CVE-2021-20132

CVE-2021-20132 affects D-Link DIR-2640 with Quagga services (zebra and ripd) running on versions up to 1.11B02. The root cause is default hard-coded credentials, allowing a remote attacker to gain administrative access (root privileges, UID 0) to these services. Several connected records (e.g., R...

CVSS 8.8, AI score 8.8, EPSS 0.04289
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/12/30 12:0 a.m., 15 views

Trendnet AC2600 trust management issue vulnerability

The Trendnet AC2600 TEW-827DRU is a wireless router that has a security vulnerability that could be exploited by attackers to back up and restore device configurations through the management web interface. The devices are encrypted using the hard-coded password "12345678"...

CVSS 9.8, AI score 5.5, EPSS 0.01899
Exploits: 1, References: 2