Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6963 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-08-04 | 10.0 Critical |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-6857 | 1 Taskautomation | 1 Carbonftp | 2024-08-04 | 5.5 Medium |
| CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary. | ||||
| CVE-2020-6265 | 1 Sap | 2 Commerce, Commerce Data Hub | 2024-08-04 | 9.8 Critical |
| SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | ||||
| CVE-2020-5667 | 1 Wantedlyinc | 1 Studyplus | 2024-08-04 | 5.5 Medium |
| Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | ||||
| CVE-2020-5248 | 1 Glpi-project | 1 Glpi | 2024-08-04 | 7.2 High |
| GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not know which columns or rows in the database are using that; espcially from plugins. Changing the key without updating data would lend in bad password sent from glpi; but storing them again from the UI will work. | ||||
| CVE-2020-5222 | 1 Apereo | 1 Opencast | 2024-08-04 | 6.8 Medium |
| Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1 | ||||
| CVE-2020-2500 | 1 Qnap | 1 Helpdesk | 2024-08-04 | 9.8 Critical |
| This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions. | ||||
| CVE-2020-1764 | 2 Kiali, Redhat | 3 Kiali, Openshift Service Mesh, Service Mesh | 2024-08-04 | 8.6 High |
| A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | ||||
| CVE-2020-1716 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2024-08-04 | 8.8 High |
| A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected. | ||||
| CVE-2020-0016 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483 | ||||
| CVE-2021-46247 | 1 Asus | 2 Cmax6000, Cmax6000 Firmware | 2024-08-04 | 7.5 High |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | ||||
| CVE-2021-46008 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-04 | 8.8 High |
| In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. | ||||
| CVE-2021-45913 | 1 Controlup | 1 Controlup Agent | 2024-08-04 | 7.2 High |
| A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. | ||||
| CVE-2021-45841 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-08-04 | 8.1 High |
| In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | ||||
| CVE-2021-45877 | 1 Garo | 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more | 2024-08-04 | 9.8 Critical |
| Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manger page. | ||||
| CVE-2021-45732 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-08-04 | 8.8 High |
| Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. | ||||
| CVE-2021-45522 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2024-08-04 | 6.1 Medium |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. | ||||
| CVE-2021-45521 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2024-08-04 | 7.4 High |
| Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | ||||
| CVE-2021-45520 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2024-08-04 | 9.6 Critical |
| Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | ||||
| CVE-2021-45458 | 1 Apache | 1 Kylin | 2024-08-04 | 7.5 High |
| Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | ||||