Vulmon
digit vulnerabilities and exploits
NA
CVE-2024-4601
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows a malicious user to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer val...
NA
CVE-2024-25730
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).
8.8
CVSSv3
CVE-2024-23726
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six charact...
Ubeeinteractive Ddw365 Firmware -
8.8
CVSSv3
CVE-2023-40038
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
Arris Dg860a Firmware -
Arris Dg1670a Firmware Ts0901203b6 020420 16xx.gw Pc20 Tw
8.1
CVSSv3
CVE-2023-49949
Passwork prior to 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
Passwork Passwork
4.3
CVSSv3
CVE-2023-49790
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. N...
Nextcloud Nextcloud
7.4
CVSSv3
CVE-2023-43650
JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-dig...
Fit2cloud Jumpserver
7.5
CVSSv3
CVE-2023-3222
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote malicious user to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to...
Password Recovery Project Password Recovery 1.2
5.9
CVSSv3
CVE-2023-1285
Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated malicious user to cause a denial-of-service (DoS) condition in Ethernet communication by ...
Mitsubishielectric Gc-enet-com Firmware -
9.1
CVSSv3
CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strin...
Goutils Project Goutils
1 Github repository