• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-798

CVE-2022-25569

February 23, 2023 by godfreyd94

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.

CVE-2022-25577

February 23, 2023 by godfreyd94

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user’s data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.

CVE-2022-25510

February 23, 2023 by godfreyd94

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.

CVE-2022-25521

February 23, 2023 by godfreyd94

NUUO v03.11.00 was discovered to contain access control issue.

CVE-2022-25329

February 23, 2023 by godfreyd94

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.

CVE-2022-25213

February 23, 2023 by godfreyd94

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 120
  • Go to page 121
  • Go to page 122
  • Go to page 123
  • Go to page 124
  • Interim pages omitted …
  • Go to page 130
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE