7576 matches found

CVE
added 2023/02/09 12:00 a.m. · 53 views

CVE-2023-21426

The CVE-2023-21426 vulnerability affects Samsung mobile devices running SMR prior to Jan-2023 Release 1, where a hardcoded AES key is used to encrypt card emulation PINs in NFC. The root cause is the hardcoded key in the NFC card emulation workflow, enabling local attackers to access cardemulatio...

CVSS 5.5 · AI score 5.4 · EPSS 0.00158
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/02/04 12:00 a.m. · 10 views

PT-2023-1659 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a flaw in the Linux Kernel, specifically with the tun/tap sockets having their socket UID hardcoded to 0 due to a type confusion in their initialization functio...

CVSS 10 · AI score 6.2 · EPSS 0.98745
Exploits 322 · References 2040

Code423n4
added 2023/02/03 12:00 a.m. · 7 views

Upgraded Q -> 2 from #867 [1675460709593]

Judge has assessed an item in Issue 867 as 2 risk. The relevant finding follows: L-01, ProtocolDAO.sol lines 209 - 216: upgradeExistingContract mistakenly removes the address value of the new contract if the new contract’s name is the same as the old one. This can be easily fixed with unregisteri...

AI score 6.9
Exploits 0

NVD
added 2023/02/02 10:15 p.m. · 19 views

CVE-2022-48113

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

CVSS 9.8 · AI score 9.2 · EPSS 0.00937
Exploits 1 · References 1

OSV
added 2023/02/02 10:15 p.m. · 4 views

CVE-2022-48113

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

CVSS 9.8 · AI score 5.8 · EPSS 0.00937
Exploits 1 · References 1

Prion
added 2023/02/02 10:15 p.m. · 29 views

Hardcoded credentials

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

CVSS 7.5 · AI score 9.1 · EPSS 0.00937
Exploits 1 · References 1 · Affected Software 1

CVE
added 2023/02/02 12:00 a.m. · 68 views

CVE-2022-48113

CVE-2022-48113 affects TOTOLINK N200RE_v5 firmware version V9.3.5u.6139. An unauthenticated attacker can access the telnet service via a crafted POST request and may log in as root using hardcoded credentials. The connected documents confirm the vulnerability details but do not provide a remediat...

CVSS 9.8 · AI score 9.1 · EPSS 0.00937
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/02/02 12:00 a.m. · 24 views

CVE-2022-48113

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

AI score 9.4 · EPSS 0.00937
Exploits 1 · References 1

Vulnrichment
added 2023/02/02 12:00 a.m. · 7 views

CVE-2022-48113

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

AI score 7.1 · EPSS 0.00937
Exploits 1 · References 1

CNNVD
added 2023/02/02 12:00 a.m. · 5 views

TOTOLINK N200RE Trust Management Issue Vulnerability

The TOTOLINK N200RE is a router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK N200RE N200REv5 firmware version V9.3.5u.6139, which originates from a vulnerability that allows an attacker to access the telnet service via a crafted POST request, which can b...

CVSS 9.8 · AI score 8.4 · EPSS 0.00937
Exploits 1 · References 2

NVD
added 2023/02/01 2:15 p.m. · 16 views

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

CVSS 7.5 · AI score 7.2 · EPSS 0.00603
Exploits 0 · References 1

OSV
added 2023/02/01 2:15 p.m. · 6 views

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

CVSS 7.5 · AI score 7.1 · EPSS 0.00603
Exploits 0 · References 1

Cvelist
added 2023/02/01 12:00 a.m. · 15 views

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

AI score 7.4 · EPSS 0.00603
Exploits 0 · References 1

Positive Technologies
added 2023/01/28 12:00 a.m. · 5 views

PT-2023-15515 · Undefined · Undefined

exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...

AI score 6.5
Exploits 0 · References 2

Positive Technologies
added 2023/01/28 12:00 a.m. · 5 views

PT-2023-15516 · Undefined · Undefined

exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...

AI score 6.5
Exploits 0 · References 2

Positive Technologies
added 2023/01/28 12:00 a.m. · 4 views

PT-2023-15514 · Undefined · Undefined

exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...

AI score 6.5
Exploits 0 · References 2

Positive Technologies
added 2023/01/28 12:00 a.m. · 5 views

PT-2023-15517 · Undefined · Undefined

exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...

AI score 6.5
Exploits 0 · References 2

Vulnrichment
added 2023/01/27 12:00 a.m. · 4 views

CVE-2022-43978 Limited Authentication bypass due to hardcoded secret

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order t...

CVSS 5.6 · AI score 5.6 · EPSS 0.00304
Exploits 0 · References 1

Cvelist
added 2023/01/27 12:00 a.m. · 16 views

CVE-2022-43978 Limited Authentication bypass due to hardcoded secret

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order t...

CVSS 5.6 · AI score 5.8 · EPSS 0.00304
Exploits 0 · References 1

OSV
added 2023/01/26 9:18 p.m. · 2 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

CVSS 9.8 · AI score 7.3 · EPSS 0.01557
Exploits 0 · References 3