Total
1274 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-36817 | 1 Kingstemple | 1 The King\'s Temple Church Website | 2024-11-21 | N/A | 7.5 HIGH |
`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. | |||||
CVE-2023-36651 | 1 Prolion | 1 Cryptospike | 2024-11-21 | N/A | 7.2 HIGH |
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | |||||
CVE-2023-36647 | 1 Prolion | 1 Cryptospike | 2024-11-21 | N/A | 7.5 HIGH |
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | |||||
CVE-2023-36623 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | N/A | 7.8 HIGH |
The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges. | |||||
CVE-2023-36380 | 1 Siemens | 4 Cp-8031, Cp-8031 Firmware, Cp-8050 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected. | |||||
CVE-2023-36013 | 1 Microsoft | 1 Powershell | 2024-11-21 | N/A | 6.5 MEDIUM |
PowerShell Information Disclosure Vulnerability | |||||
CVE-2023-35987 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | |||||
CVE-2023-35763 | 1 Iagona | 1 Scrutisweb | 2024-11-21 | N/A | 5.5 MEDIUM |
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. | |||||
CVE-2023-35724 | 2024-11-21 | N/A | 8.8 HIGH | ||
D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20050. | |||||
CVE-2023-34473 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 6.6 MEDIUM |
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||||
CVE-2023-34338 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 7.1 HIGH |
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||||
CVE-2023-34284 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660. | |||||
CVE-2023-34123 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 7.5 HIGH |
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2023-33920 | 1 Siemens | 3 Cp-8031 Master Module, Cp-8050 Master Module, Cpci85 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability. | |||||
CVE-2023-33836 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 5.3 MEDIUM |
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | |||||
CVE-2023-33778 | 1 Draytek | 143 Myvigor, Vigor1000b, Vigor1000b Firmware and 140 more | 2024-11-21 | N/A | 9.8 CRITICAL |
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website. | |||||
CVE-2023-33744 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | |||||
CVE-2023-33413 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-21 | N/A | 8.8 HIGH |
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | |||||
CVE-2023-33372 | 1 Connectedio | 1 Connected Io | 2024-11-21 | N/A | 9.8 CRITICAL |
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | |||||
CVE-2023-33371 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | N/A | 9.8 CRITICAL |
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. |