
7562 matches found

CVE
added 2024/05/01 12:0 a.m. · 69 views

CVE-2024-32210

The Red Hat–listed CVEs map to LoMag LoMag Inventory Management v1.0.20.120 and earlier. Concrete issues include: hard-coded passwords by default for forms and SQL connections (CVE-2024-32210); local information disclosure via UserClass.cs and Settings.cs (CVE-2024-32211); SQL Injection via Artic...

CVSS 5.3 · AI score 7.5 · EPSS 0.0087
Exploits 4 · References 1 · Affected Software 1
Vulnrichment
added 2024/04/30 12:0 a.m. · 12 views

CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...

AI score 6.9 · EPSS 0.00429
Exploits 0 · References 2
Cvelist
added 2024/04/30 12:0 a.m. · 15 views

CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...

AI score 6.5 · EPSS 0.00429
Exploits 0 · References 2
OSV
added 2024/04/28 11:15 p.m. · 3 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

CVSS 8.8 · AI score 5.8 · EPSS 0.01049
Exploits 1 · References 5
NVD
added 2024/04/28 11:15 p.m. · 18 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

CVSS 8.8 · AI score 8.9 · EPSS 0.01049
Exploits 1 · References 5
CVE
added 2024/04/28 12:0 a.m. · 111 views

CVE-2024-33891

CVE-2024-33891 (Delinea Secret Server): Affects Secret Server versions prior to 11.7.000001. The issue enables authentication bypass via the SOAP API at SecretServer/webservices/SSWebService.asmx, linked to a hardcoded key, the Admin user being represented as the integer 2, and removal of the oa...

CVSS 8.8 · AI score 7.1 · EPSS 0.01049
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2024/04/28 12:0 a.m. · 10 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

CVSS 8.8 · AI score 7.1 · EPSS 0.01049
Exploits 1 · References 4
Cvelist
added 2024/04/28 12:0 a.m. · 18 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

CVSS 8.8 · AI score 9 · EPSS 0.01049
Exploits 1 · References 4
Positive Technologies
added 2024/04/28 12:0 a.m. · 6 views

PT-2024-3811 · Delinea · Delinea Pam Secret Server

Name of the Vulnerable Software and Affected Versions: Delinea Secret Server versions prior to 11.7.000001
Description: The issue is related to the use of a hardcoded key for encryption in the Delinea Secret Server, allowing a remote attacker to bypass the authentication procedure. This can be...

CVSS 9 · AI score 7.2 · EPSS 0.01049
Exploits 1 · References 12
CNNVD
added 2024/04/25 12:0 a.m. · 29 views

Red Hat Keycloak security vulnerability

Red Hat Keycloak is a suite of software from Red Hat USA that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from a hard-coded, loose regular expression used for filtering that allows hosts t...

CVSS 5.4 · AI score 7 · EPSS 0.01075
Exploits 0 · References 10
OSV
added 2024/04/22 12:15 p.m. · 3 views

CVE-2024-22813

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller...

CVSS 4.4 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2024/04/22 12:0 a.m. · 4 views

PT-2024-19573 · Tormach · Tormach Xstech Cnc Router +1

Name of the Vulnerable Software and Affected Versions: Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6
Description: The issue allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller...

CVSS 4.4 · AI score 7 · EPSS 0.00385
Exploits 0 · References 3
NVD
added 2024/04/19 4:15 a.m. · 24 views

CVE-2024-29963

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries...

CVSS 3.8 · AI score 4 · EPSS 0.0016
Exploits 0 · References 1
Vulnrichment
added 2024/04/19 4:4 a.m. · 18 views

CVE-2024-29963 Brocade SANnav contains hardcoded TLS keys used by Docker

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries...

CVSS 1.9 · AI score 7.3 · EPSS 0.0016
Exploits 0 · References 1
Cvelist
added 2024/04/19 4:4 a.m. · 22 views

CVE-2024-29963 Brocade SANnav contains hardcoded TLS keys used by Docker

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries...

CVSS 1.9 · AI score 4.3 · EPSS 0.0016
Exploits 0 · References 1
CVE
added 2024/04/19 3:30 a.m. · 80 views

CVE-2024-29960

CVE-2024-29960 involves Brocade SANnav: in SANnav VMs based on the official OVA images, SSH keys are identical in every installation for versions before 2.3.1 and 2.3.0a, enabling MITM on SSH. This allows an attacker to decrypt and compromise SSH traffic to the SANnav appliance. The issue is tied...

CVSS 7.5 · AI score 8.4 · EPSS 0.0031
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/04/19 12:0 a.m. · 3 views

Broadcom Brocade SANnav trust management issue vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which stems from the fact that the SSH key within the OVA image is hardcoded and is the same in the VM every time SANnav is...

CVSS 7.5 · AI score 9.2 · EPSS 0.0031
Exploits 0 · References 2
OSV
added 2024/04/17 8:15 p.m. · 4 views

CVE-2024-21990

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

CVSS 9.8 · AI score 5.8 · EPSS 0.00317
Exploits 0 · References 1
GitHub Security Blog
added 2024/04/17 5:33 p.m. · 37 views

Keycloak Authorization Bypass vulnerability

Due to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration...

CVSS 5.4 · AI score 6.7 · EPSS 0.01075
Exploits 0 · References 12 · Affected Software 1
Positive Technologies
added 2024/04/17 12:0 a.m. · 4 views

PT-2024-3482 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1; Brocade SANnav version 2.3.0a
Description: The issue is related to the use of hardcoded credentials in the software. An attacker could exploit this to gain unauthorized access to protected information. T...

CVSS 3.8 · AI score 7.4 · EPSS 0.0016
Exploits 0 · References 9