Total: 965 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15314 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | |||||
CVE-2020-15319 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | |||||
CVE-2020-15320 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | |||||
CVE-2020-15313 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | |||||
CVE-2020-15312 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | |||||
CVE-2020-3928 | 1 Usavisionsys | 10 Geovision Gv-as1010, Geovision Gv-as1010 Firmware, Geovision Gv-as210 and 7 more | 2020-06-18 | 10.0 HIGH | 9.8 CRITICAL |
The GeoVision Door Access Control device family has a hardcoded root password, and the identical password is used in all devices. | |||||
CVE-2020-4216 | 1 Ibm | 1 Spectrum Protect Plus | 2020-06-17 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. | |||||
CVE-2020-6265 | 1 Sap | 2 Commerce, Commerce Data Hub | 2020-06-15 | 7.5 HIGH | 9.8 CRITICAL |
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | |||||
CVE-2020-3234 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2020-06-10 | 7.2 HIGH | 8.8 HIGH |
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device’s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user. | |||||
CVE-2019-16150 | 1 Fortinet | 1 Forticlient | 2020-06-09 | 5.0 MEDIUM | 5.5 MEDIUM |
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | |||||
CVE-2020-13804 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2020-06-04 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | |||||
CVE-2020-4177 | 1 Ibm | 1 Security Guardium | 2020-06-03 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. | |||||
CVE-2020-4190 | 1 Ibm | 1 Security Guardium | 2020-06-03 | 4.6 MEDIUM | 6.7 MEDIUM |
IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. | |||||
CVE-2020-1764 | 2 Kiali, Redhat | 2 Kiali, Openshift Service Mesh | 2020-05-28 | 7.5 HIGH | 8.6 HIGH |
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | |||||
CVE-2020-11549 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2020-05-20 | 8.3 HIGH | 8.8 HIGH |
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. | |||||
CVE-2020-5248 | 1 Glpi-project | 1 Glpi | 2020-05-14 | 5.0 MEDIUM | 5.3 MEDIUM |
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. The problem is that we cannot know which columns or rows in the database are using it, especially from plugins. Changing the key without updating data would result in a bad password being sent from GLPI, but storing them again from the UI will work. | |||||
CVE-2020-12110 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2020-05-12 | 5.0 MEDIUM | 9.8 CRITICAL |
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |||||
CVE-2020-3318 | 1 Cisco | 1 Firepower Management Center | 2020-05-08 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-3301 | 1 Cisco | 1 Firepower Management Center | 2020-05-08 | 2.1 LOW | 4.4 MEDIUM |
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-4429 | 1 Ibm | 1 Data Risk Manager | 2020-05-08 | 10.0 HIGH | 9.8 CRITICAL |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534. |