Total
1268 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5460 | 2024-08-01 | 8.1 High | ||
| A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device. | ||||
| CVE-2024-4844 | 2024-08-01 | 7.5 High | ||
| Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on. | ||||
| CVE-2024-3699 | 1 Dreryk | 1 Gabinet | 2024-08-01 | 9.8 Critical |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0. | ||||
| CVE-2024-3544 | 2024-08-01 | 7.5 High | ||
| Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. | ||||
| CVE-2024-3130 | 2024-08-01 | 5.7 Medium | ||
| Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app | ||||
| CVE-2024-1228 | 1 Eurosoft | 1 Przychodnia | 2024-08-01 | 9.8 Critical |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed). | ||||
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-08-01 | 7.8 High |
| CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | ||||
| CVE-2024-0390 | 2024-08-01 | N/A | ||
| INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401. | ||||