Lucene search
+L

202 matches found

OSV
OSV
added 2020/05/04 3:15 a.m.9 views

CVE-2020-12627

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...

9.8CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2020/05/04 3:15 a.m.16 views

Hardcoded credentials

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...

7.5CVSS9.6AI score0.01368EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/04 2:16 a.m.24 views

CVE-2020-12627

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...

9.7AI score0.01368EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/05/04 12:0 a.m.8 views

PT-2020-13173 · Calibre · Calibre-Web

Name of the Vulnerable Software and Affected Versions: Calibre-Web version 0.6.6 Description: The issue allows authentication bypass due to a hardcoded secret key 'A0Zr98j/3yX RXHH!jmNLWX/,?RT'. Recommendations: For Calibre-Web version 0.6.6, update the secret key to a unique and secure value to...

9.8CVSS7.1AI score0.01368EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2017-1183)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01458EPSS
Exploits1References2
NVD
NVD
added 2019/04/24 3:29 p.m.19 views

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...

8.2CVSS8.2AI score0.01007EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/04/24 2:43 p.m.21 views

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...

8.3AI score0.01007EPSS
Exploits1References2
CVE
CVE
added 2019/04/24 2:43 p.m.48 views

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 is affected by a hardcoded secret key vulnerability that enables an unauthenticated actor to access other users’ emails and file attachments and to interact with mailing lists. Root cause: hardcoded credentials in the product. Affected component: Sm...

8.2CVSS8.1AI score0.01007EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2019/01/15 9:18 a.m.24 views

Authentication Bypass

pki-core is vulnerable to authentication bypass attacks. The vulnerability exists as it was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the...

7.5CVSS6.7AI score0.01458EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/09/07 12:0 a.m.27 views

CA Unified Infrastructure Management < 8.48 / 8.53 Multiple Vulnerabilities (CA20180829-02)

According to its self-reported version number from the CA Unified Infrastructure Management UIM application running on the remote host is prior to 8.48 or 8.53. It is, therefore, affected by multiple vulnerabilities : - A hardcoded secret key exists that could allow information disclosure...

9.8CVSS7.6AI score0.02681EPSS
Exploits0References4
NVD
NVD
added 2018/08/30 2:29 p.m.17 views

CVE-2018-13819

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...

7.5CVSS8AI score0.01383EPSS
Exploits0References2
OSV
OSV
added 2018/08/30 2:29 p.m.3 views

CVE-2018-13819

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...

7.5CVSS5.8AI score0.01383EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/08/30 2:0 p.m.17 views

CVE-2018-13819

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...

7.5AI score0.01383EPSS
Exploits0References2
CVE
CVE
added 2018/08/30 2:0 p.m.49 views

CVE-2018-13819

CA Unified Infrastructure Management (UIM) versions 8.5.1, 8.5, and 8.4.7 contain a hardcoded secret key that could allow an attacker to access sensitive information. This CVE (CVE-2018-13819) is corroborated by the NVD entry and the CA/Tenable advisories, which also reference additional vulnerab...

7.5CVSS7.4AI score0.01383EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2018/07/26 1:29 p.m.23 views

CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

7.5CVSS6.8AI score0.01458EPSS
Exploits1References4
OSV
OSV
added 2018/07/26 1:29 p.m.2 views

DEBIAN-CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

7.5CVSS7AI score0.01458EPSS
Exploits1References1
OSV
OSV
added 2018/07/26 1:29 p.m.5 views

UBUNTU-CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

7.5CVSS6.8AI score0.01458EPSS
Exploits1References5
OSV
OSV
added 2018/07/26 1:29 p.m.25 views

CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

7.5CVSS6.7AI score0.01458EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2017/09/08 12:0 a.m.40 views

EulerOS 2.0 SP2 : pki-core (EulerOS-SA-2017-1184)

According to the version of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attack...

7.5CVSS6.7AI score0.01458EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2017/08/04 12:0 a.m.29 views

RedHat Update for pki-core RHSA-2017:2335-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01458EPSS
Exploits1References2
Rows per page
Query Builder