Vulnerabilities (CVE)

Filtered by CWE-798
Total 1153 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47800 1 Natus 2 Neuroworks Eeg, Sleepworks 2023-12-10 N/A 9.8 CRITICAL
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
CVE-2023-41137 1 Appsanywhere 1 Appsanywhere Client 2023-12-10 N/A 9.8 CRITICAL
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
CVE-2023-47315 1 H-mdm 1 Headwind Mdm 2023-12-10 N/A 8.8 HIGH
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on GitHub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.
CVE-2023-48053 1 Archerydms 1 Archery 2023-12-10 N/A 7.5 HIGH
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
CVE-2023-44296 1 Dell 1 E-lab Navigator 2023-12-10 N/A 5.5 MEDIUM
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.
CVE-2023-38024 1 Myspotcam 2 Fhd 2, Fhd 2 Firmware 2023-12-10 N/A 9.8 CRITICAL
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
CVE-2023-35763 1 Iagona 1 Scrutisweb 2023-12-10 N/A 5.5 MEDIUM
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
CVE-2023-37291 1 Gss 1 Vitals Enterprise Social Platform 2023-12-10 N/A 9.8 CRITICAL
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through 6.2.0.
CVE-2023-5318 1 Microweber 1 Microweber 2023-12-10 N/A 7.5 HIGH
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-26219 1 Tibco 4 Hawk, Hawk Distribution For Tibco Silver Fabric, Operational Intelligence Hawk Redtail and 1 more 2023-12-10 N/A 8.8 HIGH
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.
CVE-2022-22466 1 Ibm 1 Security Verify Governance 2023-12-10 N/A 9.8 CRITICAL
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
CVE-2023-42336 1 Netis-systems 2 Wf2409e, Wf2409e Firmware 2023-12-10 N/A 9.8 CRITICAL
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
CVE-2023-39982 1 Moxa 1 Mxsecurity 2023-12-10 N/A 5.9 MEDIUM
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
CVE-2023-41713 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2023-12-10 N/A 7.5 HIGH
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
CVE-2023-33836 1 Ibm 1 Security Verify Governance 2023-12-10 N/A 9.8 CRITICAL
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.
CVE-2023-37755 1 I-doit 1 I-doit 2023-12-10 N/A 9.8 CRITICAL
i-doit pro 25 and below and i-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).
CVE-2023-41878 1 Metersphere 1 Metersphere 2023-12-10 N/A 9.8 CRITICAL
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default; attackers can log in to VNC and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-39420 1 Resortdata 1 Internet Reservation Module Next Generation 2023-12-10 N/A 8.8 HIGH
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers. Given that this is an administrative account, anyone logging into a customer deployment has full, unrestricted access to the application.
CVE-2023-42492 1 Busbaer 1 Eisbaer Scada 2023-12-10 N/A 9.8 CRITICAL
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
CVE-2023-32227 1 Synel 2 Synergy/a, Synergy/a Firmware 2023-12-10 N/A 9.8 CRITICAL
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials