Total: 139 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5367 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
CVE-2018-17497 | 1 Thresholdsecurity | 1 Evisitorpass | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | |||||
CVE-2019-16102 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | |||||
CVE-2018-17485 | 1 Jollytech | 1 Lobby Track | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | |||||
CVE-2019-7252 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Linear eMerge E3-Series devices have Default Credentials. | |||||
CVE-2019-7476 | 1 Sonicwall | 1 Global Management System | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. | |||||
CVE-2019-2043 | 1 Google | 1 Android | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120484087. | |||||
CVE-2019-5497 | 1 Netapp | 3 Aff A700s, Aff A700s Firmware, Clustered Data Ontap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | |||||
CVE-2019-2131 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119115683. | |||||
CVE-2019-4169 | 1 Ibm | 6 Open Power, Power System 8335-gtc, Power System 8335-gtg and 3 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. | |||||
CVE-2019-1804 | 1 Cisco | 26 Nexus 93108tc-ex, Nexus 93108tc-ex Firmware, Nexus 93120tx and 23 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. | |||||
CVE-2018-20052 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command. | |||||
CVE-2019-2120 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130821293. | |||||
CVE-2019-11618 | 1 Doorgets | 1 Doorgets Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. | |||||
CVE-2019-7668 | 1 Primasystems | 1 Flexair | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Prima Systems FlexAir devices have Default Credentials. | |||||
CVE-2018-19275 | 1 Mitel | 2 Cmg Suite, Inattend | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | |||||
CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | |||||
CVE-2019-15304 | 1 Progradegrill | 2 Wifi Grilling Thermometer, Wifi Grilling Thermometer Firmware | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This Wi-Fi thermometer app requests and requires excessive permissions to operate, such as fine GPS location, camera, app lists, serial number, and IMEI. In addition to the "backdoor" login access for "admin" purposes, the accompanying app also establishes connections with several China-based URLs, including Alibaba cloud computing. NOTE: this device also ships with ProGrade branding. | |||||
CVE-2019-2041 | 1 Google | 1 Android | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690. | |||||
CVE-2019-5490 | 1 Netapp | 2 Clustered Data Ontap, Service Processor | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Certain versions between 2.x and 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. |