Total
1280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15753 | 1 Mensamax | 1 Mensamax | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password. | |||||
| CVE-2018-15720 | 1 Logitech | 2 Harmony Hub, Harmony Hub Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | |||||
| CVE-2018-15491 | 1 Zemana | 1 Antilogger | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | |||||
| CVE-2018-15439 | 1 Cisco | 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. | |||||
| CVE-2018-15427 | 1 Cisco | 2 Connected Safety And Security Ucs C220, Video Surveillance Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. | |||||
| CVE-2018-15389 | 1 Cisco | 1 Prime Collaboration | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges. | |||||
| CVE-2018-15360 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | |||||
| CVE-2018-14943 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | |||||
| CVE-2018-14901 | 1 Epson | 1 Iprint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. | |||||
| CVE-2018-14801 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | |||||
| CVE-2018-14528 | 1 Invoxia | 2 Nvx220, Nvx220 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Invoxia NVX220 devices allow TELNET access as admin with a default password. | |||||
| CVE-2018-14324 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product. | |||||
| CVE-2018-13820 | 1 Ca | 1 Unified Infrastructure Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
| CVE-2018-13819 | 1 Ca | 1 Unified Infrastructure Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | |||||
| CVE-2018-13342 | 1 Linhandante | 1 Anda | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The server API in the Anda app relies on hardcoded credentials. | |||||
| CVE-2018-12924 | 1 Eztcp | 16 Cie-h10, Cie-h10 Firmware, Cie-h12 and 13 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. | |||||
| CVE-2018-12668 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. | |||||
| CVE-2018-12526 | 1 Telesquare | 4 Sdt-cs3b1, Sdt-cs3b1 Firmware, Sdt-cw3b1 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | |||||
| CVE-2018-12323 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. | |||||
| CVE-2018-12240 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | |||||