Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16158 | 1 Eaton | 6 Power Xpert Meter 4000, Power Xpert Meter 4000 Firmware, Power Xpert Meter 6000 and 3 more | 2024-11-21 | N/A |
| Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | ||||
| CVE-2018-15808 | 1 Posim | 1 Evo | 2024-11-21 | N/A |
| POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients. | ||||
| CVE-2018-15781 | 1 Dell | 1 Wyse Thinlinux | 2024-11-21 | N/A |
| The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | ||||
| CVE-2018-15753 | 1 Mensamax | 1 Mensamax | 2024-11-21 | N/A |
| An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password. | ||||
| CVE-2018-15720 | 1 Logitech | 2 Harmony Hub, Harmony Hub Firmware | 2024-11-21 | N/A |
| Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | ||||
| CVE-2018-15491 | 1 Zemana | 1 Antilogger | 2024-11-21 | N/A |
| A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | ||||
| CVE-2018-15360 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | N/A |
| An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | ||||
| CVE-2018-14943 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | N/A |
| Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | ||||
| CVE-2018-14901 | 1 Epson | 1 Iprint | 2024-11-21 | N/A |
| The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. | ||||
| CVE-2018-14801 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-11-21 | N/A |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | ||||
| CVE-2018-14528 | 1 Invoxia | 2 Nvx220, Nvx220 Firmware | 2024-11-21 | N/A |
| Invoxia NVX220 devices allow TELNET access as admin with a default password. | ||||
| CVE-2018-14324 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
| The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product. | ||||
| CVE-2018-13820 | 1 Ca | 1 Unified Infrastructure Management | 2024-11-21 | N/A |
| A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | ||||
| CVE-2018-13819 | 1 Ca | 1 Unified Infrastructure Management | 2024-11-21 | N/A |
| A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | ||||
| CVE-2018-13342 | 1 Linhandante | 1 Anda | 2024-11-21 | N/A |
| The server API in the Anda app relies on hardcoded credentials. | ||||
| CVE-2018-12924 | 1 Eztcp | 16 Cie-h10, Cie-h10 Firmware, Cie-h12 and 13 more | 2024-11-21 | N/A |
| Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. | ||||
| CVE-2018-12668 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | N/A |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. | ||||
| CVE-2018-12526 | 1 Telesquare | 4 Sdt-cs3b1, Sdt-cs3b1 Firmware, Sdt-cw3b1 and 1 more | 2024-11-21 | N/A |
| Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | ||||
| CVE-2018-12323 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | N/A |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. | ||||
| CVE-2018-12240 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 5.9 Medium |
| The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | ||||