Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2023-11-07 | N/A | 8.8 HIGH |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | |||||
| CVE-2022-35413 | 1 Pentasecurity | 1 Wapples | 2023-11-07 | N/A | 9.8 CRITICAL |
| WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | |||||
| CVE-2022-34462 | 1 Dell | 1 Emc Secure Connect Gateway Policy Manager | 2023-11-07 | N/A | 7.8 HIGH |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34449 | 1 Dell | 1 Powerpath Management Appliance | 2023-11-07 | N/A | 6.0 MEDIUM |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application. | |||||
| CVE-2022-34442 | 1 Dell | 1 Emc Secure Connect Gateway Policy Manager | 2023-11-07 | N/A | 9.8 CRITICAL |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | |||||
| CVE-2022-34441 | 1 Dell | 1 Emc Secure Connect Gateway Policy Manager | 2023-11-07 | N/A | 9.8 CRITICAL |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34440 | 1 Dell | 1 Emc Secure Connect Gateway Policy Manager | 2023-11-07 | N/A | 9.8 CRITICAL |
| Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | |||||
| CVE-2022-34386 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2023-11-07 | N/A | 5.5 MEDIUM |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
| CVE-2022-31322 | 1 Pentasecurity | 1 Wapples | 2023-11-07 | N/A | 7.8 HIGH |
| Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | |||||
| CVE-2022-2660 | 1 Deltaww | 1 Dialink | 2023-11-07 | N/A | 7.5 HIGH |
| Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | |||||
| CVE-2022-29186 | 1 Pagerduty | 1 Rundeck | 2023-11-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts would allow access to anyone with the exposed private credentials. This misconfiguration only impacts Rundeck Docker instances of PagerDuty® Process Automation On Prem (formerly Rundeck) version 4.0 and earlier, not Debian, RPM or .WAR. Additionally, the id_rsa.pub file would have to be copied from the Docker image filesystem contents without overwriting it and used to configure SSH access on a host. A patch on Rundeck's `main` branch has removed the pre-generated SSH key pair, but it does not remove exposed keys that have been configured. To patch, users must run a script on hosts in their environment to search for exposed keys and rotate them. Two workarounds are available: Do not use any pre-existing public key file from the rundeck docker images to allow SSH access by adding it to authorized_keys files and, if you have copied the public key file included in the docker image, remove it from any authorized_keys files. | |||||
| CVE-2022-25521 | 1 Nuuo | 1 Network Video Recorder Firmware | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| NUUO v03.11.00 was discovered to contain access control issue. | |||||
| CVE-2022-20844 | 1 Cisco | 1 Sd-wan | 2023-11-07 | N/A | 5.3 MEDIUM |
| A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | |||||
| CVE-2022-20773 | 1 Cisco | 1 Umbrella | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. | |||||
| CVE-2021-40342 | 1 Hitachienergy | 2 Foxman-un, Unem | 2023-11-07 | N/A | 9.8 CRITICAL |
| In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* | |||||
| CVE-2021-40119 | 1 Cisco | 1 Policy Suite | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | |||||
| CVE-2021-3565 | 3 Fedoraproject, Redhat, Tpm2-tools Project | 3 Fedora, Enterprise Linux, Tpm2-tools | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-37163 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded. | |||||
| CVE-2021-34757 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2023-11-07 | 3.6 LOW | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34744 | 1 Cisco | 32 Business 220-16p-2g, Business 220-16p-2g Firmware, Business 220-16t-2g and 29 more | 2023-11-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | |||||