Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-1188
Total 131 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-0386 1 Google 1 Android 2021-07-21 4.3 MEDIUM 5.5 MEDIUM
In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356
CVE-2020-0394 1 Google 1 Android 2021-07-21 7.2 HIGH 7.8 HIGH
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639
CVE-2020-11489 2 Intel, Nvidia 3 Bmc Firmware, Dgx-1, Dgx-2 2021-07-21 5.0 MEDIUM 7.5 HIGH
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.
CVE-2021-0534 1 Google 1 Android 2021-06-23 4.6 MEDIUM 7.8 HIGH
In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170639543
CVE-2017-5178 1 Schneider-electric 3 Tableau Desktop, Tableau Server, Wonderware Intelligence 2021-06-04 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.
CVE-2017-3834 1 Cisco 4 Aironet 1830i Access Point, Aironet 1850e Access Point, Aironet 1850i Access Point and 1 more 2021-04-22 10.0 HIGH 9.8 CRITICAL
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.
CVE-2020-8705 1 Intel 3 Converged Security And Manageability Engine, Server Platform Services, Trusted Execution Technology 2020-11-30 4.6 MEDIUM 6.8 MEDIUM
Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.
CVE-2020-12327 1 Intel 1 Thunderbolt Dch Driver 2020-11-24 2.1 LOW 4.4 MEDIUM
Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2019-1950 1 Cisco 34 Asr 1000-x, Asr 1001-hx, Asr 1002-hx and 31 more 2020-10-19 7.2 HIGH 8.4 HIGH
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.
CVE-2019-3783 1 Cloudfoundry 1 Stratos 2020-10-19 4.0 MEDIUM 8.8 HIGH
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.
CVE-2020-0416 1 Google 1 Android 2020-10-16 9.3 HIGH 8.8 HIGH
In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585
CVE-2020-26930 1 Netgear 2 Ex7700, Ex7700 Firmware 2020-10-16 5.5 MEDIUM 3.8 LOW
NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.
CVE-2019-15304 1 Progradegrill 2 Wifi Grilling Thermometer, Wifi Grilling Thermometer Firmware 2020-09-24 6.4 MEDIUM 9.1 CRITICAL
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and requires excessive permissions to operate such as Fine GPS location, camera, applists, Serial number, IMEI. In addition to the "backdoor" login access for "admin" purposes, this accompanying app also establishes connections with several china based URLs to include Alibaba cloud computing. NOTE: this device also ships with ProGrade branding.
CVE-2018-17906 1 Philips 2 Intellispace Pacs, Isite Pacs 2020-09-18 3.3 LOW 8.8 HIGH
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
CVE-2020-16873 2 Google, Microsoft 2 Chrome, Xamarin.forms 2020-09-17 6.8 MEDIUM 8.8 HIGH
A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106, aka 'Xamarin.Forms Spoofing Vulnerability'.
CVE-2018-0263 1 Cisco 1 Meeting Server 2020-09-04 3.3 LOW 7.4 HIGH
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.
CVE-2019-5490 1 Netapp 2 Clustered Data Ontap, Service Processor 2020-08-24 10.0 HIGH 9.8 CRITICAL
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.
CVE-2018-17485 1 Jollytech 1 Lobby Track 2020-08-24 2.1 LOW 7.8 HIGH
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
CVE-2018-17497 1 Thresholdsecurity 1 Evisitorpass 2020-08-24 2.1 LOW 7.8 HIGH
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
CVE-2018-19275 1 Mitel 2 Cmg Suite, Inattend 2020-08-24 10.0 HIGH 9.8 CRITICAL
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.