Total
1445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23816 | 1 Siemens | 1 Location Intelligence | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | |||||
| CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | |||||
| CVE-2024-22813 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. | |||||
| CVE-2024-22772 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22771 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22770 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22769 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22768 | 1 Hitron Systems | 2 Dvr Hvr-4781, Dvr Hvr-4781 Firmware | 2024-11-21 | N/A | 7.4 HIGH |
| Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. | |||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | |||||
| CVE-2024-21764 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | |||||
| CVE-2024-1661 | 1 Totolink | 1 X6000r Firmware | 2024-11-21 | 1.0 LOW | 2.5 LOW |
| A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1228 | 1 Eurosoft | 1 Przychodnia | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed). | |||||
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-21 | N/A | 7.8 HIGH |
| CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | |||||
| CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | N/A | 5.2 MEDIUM |
| Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | |||||
| CVE-2023-6198 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. | |||||
| CVE-2023-5777 | 1 Weintek | 1 Easybuilder Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
| Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | |||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 7.5 HIGH |
| Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | |||||
| CVE-2023-52723 | 2024-11-21 | N/A | 7.1 HIGH | ||
| In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | |||||
| CVE-2023-50948 | 1 Ibm | 1 Storage Fusion Hci | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | |||||