105 matches found

NVD
added 2021/05/13 3:15 p.m. · 10 views

CVE-2021-20025

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the...

7.8 CVSS · 0.00024 EPSS
Exploits: 0 · References: 1
Cvelist
added 2021/05/13 2:45 p.m. · 10 views

CVE-2021-20025

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the...

7.8 AI score · 0.00024 EPSS
Exploits: 0 · References: 1
Fedora
added 2021/03/20 12:21 a.m. · 42 views

[SECURITY] Fedora 34 Update: gnome-initial-setup-40~rc-1.fc34

GNOME Initial Setup is an alternative to firstboot, providing a good setup experience to welcome you to your system, and walks you through configuring it. It is integrated with gdm...

5.5 CVSS · 4.9 AI score · 0.0008 EPSS
Exploits: 1
OpenVAS
added 2021/03/20 12:0 a.m. · 12 views

Fedora: Security Advisory for gnome-initial-setup (FEDORA-2021-303f6623fa)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.2 AI score
Exploits: 0 · References: 2
OSV
added 2021/02/01 9:15 p.m. · 2 views

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

7.8 CVSS · 7.1 AI score · 0.00415 EPSS
Exploits: 0 · References: 3
Cvelist
added 2021/02/01 8:10 p.m. · 23 views

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

7.5 AI score · 0.00415 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2021/02/01 12:0 a.m. · 3 views

PT-2021-9035 · Unknown · Tk-Star Q90 Junior Gps

Name of the Vulnerable Software and Affected Versions: TK-Star Q90 Junior GPS horloge version 3.1042.9.8656 Description: A security issue was found in the initial setup of the device, where a default password 123456 is used for administrative purposes without prompting the user to change it. This...

7.8 CVSS · 7.4 AI score · 0.00415 EPSS
Exploits: 0 · References: 8
CNNVD
added 2021/02/01 12:0 a.m. · 3 views

TK-Star Q90 Junior GPS horloge trust management issue vulnerability

The TK-Star Q90 Junior GPS horloge is a Gps location tracker from TK-Star China. A security vulnerability exists in the TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices, which stems from the use of the default password 123456 for administrative purposes when using the device during initial...

7.8 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits: 0 · References: 3
Mageia
added 2021/01/04 2:42 p.m. · 48 views

Updated gdm packages fix a security vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2 CVSS · 3.3 AI score · 0.22102 EPSS
Exploits: 1 · References: 3
Tenable Nessus
added 2020/12/14 12:0 a.m. · 33 views

EulerOS 2.0 SP8 : gdm (EulerOS-SA-2020-2511)

According to the version of the gdm package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner on...

7.2 CVSS · 7.2 AI score · 0.22102 EPSS
Exploits: 1 · References: 2
OSV
added 2020/11/10 5:15 a.m. · 2 views

DEBIAN-CVE-2020-16125

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be chained with an additional issue that could allow a local user to create a new privileged...

6.8 CVSS · 7.1 AI score · 0.22102 EPSS
Exploits: 1 · References: 1
Cvelist
added 2020/11/10 4:20 a.m. · 28 views

CVE-2020-16125 gdm3 would start gnome-initial-setup if it cannot contact accountservice

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be chained with an additional issue that could allow a local user to create a new privileged...

7.2 CVSS · 6.5 AI score · 0.22102 EPSS
Exploits: 1 · References: 3
OSV
added 2020/11/03 3:0 p.m. · 0 views

USN-4614-1 gdm3 vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2 CVSS · 7.3 AI score · 0.22102 EPSS
Exploits: 1 · References: 2
AlmaLinux
added 2020/11/03 12:33 p.m. · 15 views

initial-setup bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

1.6 AI score
Exploits: 0
RedHat Linux
added 2020/07/21 2:51 p.m. · 2 views

Mozilla: Automatic account setup leaks Microsoft Exchange login credentials

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

5.9 CVSS · 7.4 AI score · 0.00254 EPSS
Exploits: 0 · References: 5
OSV
added 2020/04/21 1:15 p.m. · 2 views

CVE-2020-11964

In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

7.5 CVSS · 7.2 AI score · 0.00593 EPSS
Exploits: 3 · References: 4
OSV
added 2020/03/25 9:15 p.m. · 3 views

CVE-2020-10888

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during...

9.8 CVSS · 6.6 AI score
Exploits: 0 · References: 1
Zero Day Initiative
added 2020/03/25 12:0 a.m. · 53 views

(Pwn2Own) TP-Link Archer A7 SSH Port Forwarding Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The...

5.9 CVSS · 1.4 AI score · 0.00223 EPSS
Exploits: 0
Packet Storm
added 2020/01/02 12:0 a.m. · 246 views

CTFd 2.1.5 Administrator Account Takeover

Exploit Title: CTFd Administrator Account Takeover Date: 2/1/20 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://ctfd.io Software Link: https://github.com/CTFd/CTFd/releases/tag/2.1.5 Version: CTFd Local/Remote Hosting 2.1.5 and below Tested on: CTFd 2.1.5 CTFd...

0.5 AI score
Exploits: 0
Tenable Nessus
added 2019/05/02 12:0 a.m. · 13 views

Fedora 30 : 1:gnome-bluetooth / at-spi2-core / atomix / bijiben / containers / etc (2019-ac2a21ff07)

This update fixes a bug in the Meson build system which caused binaries and libraries to incorrectly be marked as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all...

5.5 AI score
Exploits: 0 · References: 3