Vulmon
secret vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-20933
InfluxDB prior to 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
Influxdata Influxdb
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4 Github repositories
9.8
CVSSv3
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use t...
Couchbase Couchbase Server
9.8
CVSSv3
CVE-2020-12501
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
Pepperl-fuchs Es7510-xt Firmware
Pepperl-fuchs Es8509-xt Firmware
Pepperl-fuchs Es8510-xt Firmware
Pepperl-fuchs Es9528-xtv2 Firmware
Pepperl-fuchs Es7506 Firmware
Pepperl-fuchs Es7510 Firmware
Pepperl-fuchs Es7528 Firmware
Pepperl-fuchs Es8508 Firmware
Pepperl-fuchs Es8508f Firmware
Pepperl-fuchs Es8510 Firmware
Pepperl-fuchs Es8510-xte Firmware
Pepperl-fuchs Es9528 Firmware
Pepperl-fuchs Es9528-xt Firmware
Korenix Jetnet5428g-20sfp Firmware -
Korenix Jetnet5810g Firmware -
Korenix Jetnet4510 Firmware -
Korenix Jetnet5010 Firmware -
Korenix Jetnet5310 Firmware -
Korenix Jetnet6095 Firmware -
Korenix Jetnet4706 Firmware -
Korenix Jetwave 3220 Firmware -
Korenix Jetwave 2311 Firmware -
9.8
CVSSv3
CVE-2020-4459
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395.
Ibm Security Secret Server
9.8
CVSSv3
CVE-2020-9480
In Apache Spark 2.4.5 and previous versions, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application'...
Apache Spark
Oracle Business Intelligence 5.5.0.0.0
1 Github repository
9.8
CVSSv3
CVE-2020-12627
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
Calibre-web Project Calibre-web 0.6.6
9.8
CVSSv3
CVE-2020-11658
CA API Developer Portal 4.3.1 and previous versions handles shared secret keys in an insecure manner, which allows malicious users to bypass authorization.
Broadcom Ca Api Developer Portal
9.8
CVSSv3
CVE-2019-2317
The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...
Qualcomm Msm8905 Firmware -
Qualcomm Msm8909 Firmware -
Qualcomm Msm8917 Firmware -
Qualcomm Msm8920 Firmware -
Qualcomm Msm8937 Firmware -
Qualcomm Msm8940 Firmware -
Qualcomm Msm8953 Firmware -
Qualcomm Nicobar Firmware -
Qualcomm Qcm2150 Firmware -
Qualcomm Qm215 Firmware -
Qualcomm Sc8180x Firmware -
Qualcomm Sdm429 Firmware -
Qualcomm Sdm439 Firmware -
Qualcomm Sdm450 Firmware -
Qualcomm Sdm632 Firmware -
Qualcomm Sdx24 Firmware -
Qualcomm Sdx55 Firmware -
Qualcomm Sm6150 Firmware -
Qualcomm Sm7150 Firmware -
Qualcomm Sm8150 Firmware -
9.8
CVSSv3
CVE-2019-4640
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.
Ibm Security Secret Server
9.8
CVSSv3
CVE-2019-18355
An SSRF issue exists in the legacy Web launcher in Thycotic Secret Server prior to 10.7.
Thycotic Secret Server