Search
Search Results (2314 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3082 | 1 Proges | 3 Sensor Net Connect, Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-09-30 | 4.2 Medium |
| A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | ||||
| CVE-2024-44815 | 2 Hathway, Skyworthdigital | 3 Skyworth Cm5100-511, Skyworth Cm5100-511 Firmware, Cm5100 Firmware | 2024-09-25 | 8 High |
| Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | ||||
| CVE-2024-39585 | 1 Dell | 1 Smartfabric Os10 | 2024-09-17 | 7.9 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. | ||||
| CVE-2008-1271 | 2024-09-16 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1218. Reason: This candidate is a duplicate of CVE-2008-1218. Notes: All CVE users should reference CVE-2008-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2024-5622 | 2 B And R Industrial Automotion, Br-automation | 2 B And R Aprol, Industrial Automation Aprol | 2024-09-13 | 7.8 High |
| An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. | ||||
| CVE-2024-5623 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | 7.8 High |
| An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. | ||||
| CVE-2024-8580 | 1 Totolink | 3 Ac1200 T8 Firmware, T8, T8 Firmware | 2024-09-10 | 8.1 High |
| A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2024-09-04 | 6.7 Medium |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | ||||
| CVE-2024-6118 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | 9.1 Critical |
| A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | ||||
| CVE-2024-31798 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-08-16 | 6.4 Medium |
| Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices | ||||
| CVE-2024-36398 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 7.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | ||||
| CVE-2024-7332 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2024-08-09 | 9.8 Critical |
| A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-41616 | 1 Dlink | 2 Dir-300, Dir-300 Firmware | 2024-08-07 | 8.8 High |
| D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. | ||||
| CVE-2019-14560 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2023-11-07 | 6.1 Medium |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | ||||