CVEbaza.plCWE DictionaryCWE-310
Common Weakness Enumeration

CWE-310

CVE: 2,518
CVE vulnerabilities with CWE-310 (2,518)
10.0
CVSS
HIGH
CVE-2014-5419

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.

pub. 2015-01-17
10.0
CVSS
HIGH
CVE-2014-7878

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.

pub. 2014-11-14
10.0
CVSS
HIGH
CVE-2013-3712

SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.

pub. 2014-02-26
10.0
CVSS
HIGH
CVE-2013-6952

The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.

pub. 2014-02-22
10.0
CVSS
HIGH
CVE-2013-6838

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.

pub. 2014-01-28
10.0
CVSS
HIGH
CVE-2013-0137

The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session.

pub. 2013-06-30
10.0
CVSS
HIGH
CVE-2012-5862

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

pub. 2012-11-23
10.0
CVSS
HIGH
CVE-2011-5121

The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors.

pub. 2012-08-26
10.0
CVSS
HIGH
CVE-2011-5123

The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.

pub. 2012-08-26
10.0
CVSS
HIGH
CVE-2012-2405

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.

pub. 2012-04-22
10.0
CVSS
HIGH
CVE-2011-4684

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."

pub. 2011-12-07
10.0
CVSS
HIGH
CVE-2011-2344

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

pub. 2011-07-08
10.0
CVSS
HIGH
CVE-2011-0935

The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.

pub. 2011-04-14
10.0
CVSS
HIGH
CVE-2010-2978

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.

pub. 2010-08-10
10.0
CVSS
HIGH
CVE-2010-2468

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.

pub. 2010-06-25
10.0
CVSS
HIGH
CVE-2010-0231

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."

pub. 2010-02-10
10.0
CVSS
HIGH
CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

pub. 2010-01-19
10.0
CVSS
HIGH
CVE-2008-7023

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

pub. 2009-08-21
10.0
CVSS
HIGH
CVE-2008-6993

Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

pub. 2009-08-19
10.0
CVSS
HIGH
CVE-2008-6824

The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.

pub. 2009-06-04
Showing 20 of 2,518 vulnerabilities
Information
ID: CWE-310
Vulnerabilities: 2,518
MITRE CWE ↗
← CWE Dictionary