Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-1188
Total 131 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1278 1 Redhat 8 Amq, Amq Online, Integration Camel K and 5 more 2023-03-22 N/A 7.5 HIGH
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2022-48342 1 Jetbrains 1 Teamcity 2023-03-03 N/A 9.8 CRITICAL
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
CVE-2020-7685 1 Umbraco 1 Umbraco Forms 2023-03-02 5.0 MEDIUM 7.5 HIGH
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.
CVE-2010-2247 1 Makepasswd Project 1 Makepasswd 2023-02-12 5.0 MEDIUM 7.5 HIGH
makepasswd 1.10 default settings generate insecure passwords
CVE-2014-0234 1 Redhat 1 Openshift 2023-02-12 7.5 HIGH 9.8 CRITICAL
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
CVE-2019-19340 1 Redhat 2 Ansible Tower, Enterprise Linux 2023-02-01 6.4 MEDIUM 8.2 HIGH
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
CVE-2022-2196 1 Linux 1 Linux Kernel 2023-01-13 N/A 8.8 HIGH
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a
CVE-2022-20466 1 Google 1 Android 2022-12-14 N/A 5.5 MEDIUM
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730
CVE-2022-46831 1 Jetbrains 1 Teamcity 2022-12-12 N/A 4.9 MEDIUM
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
CVE-2022-3262 1 Redhat 1 Openshift 2022-12-12 N/A 8.1 HIGH
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
CVE-2019-4169 1 Ibm 6 Open Power, Power System 8335-gtc, Power System 8335-gtg and 3 more 2022-12-09 6.4 MEDIUM 9.1 CRITICAL
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
CVE-2022-24706 1 Apache 1 Couchdb 2022-11-21 10.0 HIGH 9.8 CRITICAL
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
CVE-2022-36349 1 Intel 4 Nuc Board Nuc5i3mybe, Nuc Board Nuc5i3mybe Firmware, Nuc Kit Nuc5i3myhe and 1 more 2022-11-16 N/A 5.5 MEDIUM
Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-7729 3 Canonical, Debian, Gruntjs 3 Ubuntu Linux, Debian Linux, Grunt 2022-11-16 4.6 MEDIUM 7.1 HIGH
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVE-2021-35965 1 Learningdigital 1 Orca Hcm 2022-10-27 10.0 HIGH 9.8 CRITICAL
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
CVE-2021-21505 1 Dell 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware 2022-10-24 10.0 HIGH 9.8 CRITICAL
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges.
CVE-2022-42467 1 Apache 1 Isis 2022-10-21 N/A 5.3 MEDIUM
When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be done using the 'isis.prototyping.h2-console.web-allow-remote-access' configuration property; the web console will be unavailable without setting this configuration. As an additional safeguard, the new 'isis.prototyping.h2-console.generate-random-web-admin-password' configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. The password is printed to the log, as "webAdminPass: xxx" (where "xxx") is the password. To revert to the original behaviour, the administrator would therefore need to set these configuration parameter: isis.prototyping.h2-console.web-allow-remote-access=true isis.prototyping.h2-console.generate-random-web-admin-password=false Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode.
CVE-2022-40468 1 Tinyproxy Project 1 Tinyproxy 2022-10-11 N/A 7.5 HIGH
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.
CVE-2021-3586 1 Redhat 2 Openshift Service Mesh, Servicemesh-operator 2022-08-26 N/A 9.8 CRITICAL
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2022-32480 1 Dell 1 Emc Powerscale Onefs 2022-08-24 N/A 6.5 MEDIUM
Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure.