Total
155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48432 | 1 Jetbrains | 1 Intellij Idea | 2023-04-01 | N/A | 8.8 HIGH |
| In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. | |||||
| CVE-2022-1278 | 1 Redhat | 8 Amq, Amq Online, Integration Camel K and 5 more | 2023-03-22 | N/A | 7.5 HIGH |
| A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | |||||
| CVE-2022-48342 | 1 Jetbrains | 1 Teamcity | 2023-03-03 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. | |||||
| CVE-2020-7685 | 1 Umbraco | 1 Umbraco Forms | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. | |||||
| CVE-2010-2247 | 1 Makepasswd Project | 1 Makepasswd | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| makepasswd 1.10 default settings generate insecure passwords | |||||
| CVE-2014-0234 | 1 Redhat | 1 Openshift | 2023-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | |||||
| CVE-2019-19340 | 1 Redhat | 2 Ansible Tower, Enterprise Linux | 2023-02-01 | 6.4 MEDIUM | 8.2 HIGH |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. | |||||
| CVE-2022-20466 | 1 Google | 1 Android | 2022-12-15 | N/A | 5.5 MEDIUM |
| In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730 | |||||
| CVE-2022-46831 | 1 Jetbrains | 1 Teamcity | 2022-12-12 | N/A | 4.9 MEDIUM |
| In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. | |||||
| CVE-2022-3262 | 1 Redhat | 1 Openshift | 2022-12-12 | N/A | 8.1 HIGH |
| A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability. | |||||
| CVE-2019-4169 | 1 Ibm | 6 Open Power, Power System 8335-gtc, Power System 8335-gtg and 3 more | 2022-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. | |||||
| CVE-2020-7729 | 3 Canonical, Debian, Gruntjs | 3 Ubuntu Linux, Debian Linux, Grunt | 2022-11-16 | 4.6 MEDIUM | 7.1 HIGH |
| The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | |||||
| CVE-2021-35965 | 1 Learningdigital | 1 Orca Hcm | 2022-10-27 | 10.0 HIGH | 9.8 CRITICAL |
| The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
| CVE-2021-21505 | 1 Dell | 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware | 2022-10-24 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges. | |||||
| CVE-2021-3586 | 1 Redhat | 2 Openshift Service Mesh, Servicemesh-operator | 2022-08-26 | N/A | 9.8 CRITICAL |
| A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2022-32480 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2022-20342 | 1 Google | 1 Android | 2022-08-16 | N/A | 3.3 LOW |
| In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-143534321 | |||||
| CVE-2020-12732 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2022-07-12 | 3.3 LOW | 6.5 MEDIUM |
| DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | |||||
| CVE-2021-35336 | 1 Tieline | 2 Ip Audtio Gateway, Ip Audtio Gateway Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. | |||||
| CVE-2021-44480 | 1 Wokkalokka | 2 Wokka Watch Q50, Wokka Watch Q50 Firmware | 2022-07-12 | 9.3 HIGH | 8.1 HIGH |
| Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. | |||||