Total
1404 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1919 | 1 Cisco | 2 Findit Network Manager, Findit Network Probe | 2024-11-21 | N/A |
| A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable. | ||||
| CVE-2019-1723 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 9.8 Critical |
| A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2. | ||||
| CVE-2019-1675 | 1 Cisco | 2 Aironet Active Sensor, Digital Network Architecture Center | 2024-11-21 | N/A |
| A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected. | ||||
| CVE-2019-1619 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.8 Critical |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. | ||||
| CVE-2019-19492 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 9.8 Critical |
| FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | ||||
| CVE-2019-19108 | 1 Br-automation | 2 Automation Runtime, Automation Studio | 2024-11-21 | 9.4 Critical |
| An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. | ||||
| CVE-2019-19033 | 1 Jalios | 1 Jcms | 2024-11-21 | 9.8 Critical |
| Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password. | ||||
| CVE-2019-19021 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 9.8 Critical |
| An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. | ||||
| CVE-2019-19017 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 8.1 High |
| An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | ||||
| CVE-2019-18831 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2024-11-21 | 5.3 Medium |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. | ||||
| CVE-2019-17098 | 1 August | 3 August Home, Connect Wi-fi Bridge, Connect Wi-fi Bridge Firmware | 2024-11-21 | 3.5 Low |
| Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. | ||||
| CVE-2019-16734 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-11-21 | 9.8 Critical |
| Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | ||||
| CVE-2019-16399 | 1 Westerndigital | 2 Wd My Book, Wd My Book Firmware | 2024-11-21 | 9.8 Critical |
| Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me. | ||||
| CVE-2019-16313 | 1 Ifw8 | 10 Fr5, Fr5-e, Fr5-e Firmware and 7 more | 2024-11-21 | 7.5 High |
| ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. | ||||
| CVE-2019-16207 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.8 High |
| Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | ||||
| CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 9.8 Critical |
| A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | ||||
| CVE-2019-16150 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 5.5 Medium |
| Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | ||||
| CVE-2019-15977 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 7.5 High |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2019-15976 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2019-15975 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||