Total
155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5841 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-9137 | 1 Ceragon | 1 Fiberair Ip-10 Firmware | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented "The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability." | |||||
| CVE-2017-6750 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. | |||||
| CVE-2017-5155 | 1 Schneider-electric | 1 Wonderware Historian | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. | |||||
| CVE-2017-5491 | 1 Wordpress | 1 Wordpress | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | |||||
| CVE-2017-6687 | 1 Cisco | 1 Ultra Services Framework Element Manager | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-6684 | 1 Cisco | 1 Elastic Services Controller | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-6692 | 1 Cisco | 1 Ultra Services Framework Element Manager | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839. | |||||
| CVE-2018-15350 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. | |||||
| CVE-2017-8218 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. | |||||
| CVE-2018-3667 | 1 Intel | 1 Processor Diagnostic Tool | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation. | |||||
| CVE-2017-12739 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device. | |||||
| CVE-2017-6688 | 1 Cisco | 1 Elastic Services Controller | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2018-20052 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command. | |||||
| CVE-2017-8039 | 1 Pivotal | 1 Spring Web Flow | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971. | |||||