7578 matches found

OSV
added 2022/11/07 12:15 a.m. · 5 views

CVE-2022-37710

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...

7.8 CVSS · 5.8 AI score · 0.00108 EPSS
Exploits 0 · References 1

Prion
added 2022/11/07 12:15 a.m. · 19 views

Hardcoded credentials

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...

4.3 CVSS · 7.5 AI score · 0.00108 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/11/06 12:0 a.m. · 3 views

PT-2022-24046 · Patterson Dental · Patterson Dental Eaglesoft

Name of the Vulnerable Software and Affected Versions: Patterson Dental Eaglesoft version 21 Description: The issue concerns the encryption mechanism in Patterson Dental Eaglesoft. Although it uses AES-256 encryption, there are two methods to obtain the keyfile, which are through keybackup.data...

7.8 CVSS · 7.4 AI score · 0.00108 EPSS
Exploits 0 · References 4

Vulnrichment
added 2022/11/06 12:0 a.m. · 6 views

CVE-2022-37710

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...

7.5 AI score · 0.00108 EPSS
Exploits 0 · References 1

CVE
added 2022/11/06 12:0 a.m. · 68 views

CVE-2022-37710

Patterson Dental Eaglesoft 21 uses AES-256, but the keyfile and salt are hardcoded into a DLL/EXE. Two access paths to the keyfile exist: keybackup.data > License > Encryption Key and Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key, enabling local attackers ...

7.8 CVSS · 7.4 AI score · 0.00108 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2022/11/04 7:15 p.m. · 3 views

CVE-2022-40263

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

7.8 CVSS · 5.7 AI score
Exploits 0 · References 1

NVD
added 2022/11/04 7:15 p.m. · 25 views

CVE-2022-40263

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

7.8 CVSS · 0.00161 EPSS
Exploits 0 · References 1

Prion
added 2022/11/04 7:15 p.m. · 19 views

Hardcoded credentials

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

4.3 CVSS · 7.3 AI score · 0.00161 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/11/04 6:58 p.m. · 4 views

CVE-2022-40263 BD Totalys MultiProcessor - Hardcoded Credentials

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

6.6 CVSS · 6.7 AI score · 0.00161 EPSS
Exploits 0 · References 1

CVE
added 2022/11/04 6:58 p.m. · 66 views

CVE-2022-40263

BD Totalys MultiProcessor (versions 1.70 and earlier) is affected by a hard-coded credentials vulnerability. Exploitation would require local access (or physical access if networked) to the system, with low attack complexity and user interaction not needed. Successful exploitation could allow an ...

7.8 CVSS · 6.8 AI score · 0.00161 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/11/04 6:58 p.m. · 24 views

CVE-2022-40263 BD Totalys MultiProcessor - Hardcoded Credentials

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

6.6 CVSS · 7.6 AI score · 0.00161 EPSS
Exploits 0 · References 1

OSV
added 2022/11/04 6:15 p.m. · 1 views

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

8.8 CVSS · 5.9 AI score · 0.00696 EPSS
Exploits 0 · References 1

NVD
added 2022/11/04 6:15 p.m. · 20 views

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

8.8 CVSS · 0.00696 EPSS
Exploits 0 · References 1

Prion
added 2022/11/04 6:15 p.m. · 21 views

Hardcoded credentials

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

6.5 CVSS · 8.6 AI score · 0.00696 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/11/04 12:0 a.m. · 3 views

PT-2022-25308 · Bd +1 · Bd Totalys Multiprocessor +1

Name of the Vulnerable Software and Affected Versions: BD Totalys MultiProcessor versions 1.70 and earlier Description: The issue concerns hardcoded credentials in the software, which could allow threat actors to access, modify, or delete sensitive information, including electronic protected heal...

7.8 CVSS · 7.3 AI score · 0.00161 EPSS
Exploits 0 · References 2

CVE
added 2022/11/03 7:29 p.m. · 103 views

CVE-2022-20868

CVE-2022-20868 affects Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance. The root cause is a hardcoded value used to encrypt a token for certain API calls, enabling an authenticated, remote attacker with valid credentials to impersonate anot...

8.8 CVSS · 8.6 AI score · 0.00696 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/11/03 7:29 p.m. · 27 views

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

4.7 CVSS · 8.9 AI score · 0.00696 EPSS
Exploits 0 · References 1

OSV
added 2022/11/02 12:15 p.m. · 5 views

CVE-2022-26119

An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8 CVSS · 5.8 AI score · 0.00195 EPSS
Exploits 0 · References 1

NVD
added 2022/11/02 12:15 p.m. · 13 views

CVE-2022-26119

An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8 CVSS · 0.00195 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/11/02 12:15 p.m. · 2 views

CVE-2022-26119

An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8 CVSS · 5.9 AI score · 0.00195 EPSS
Exploits 0 · References 2