Vulnerabilities > Insecure Default Initialization of Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-23 | CVE-2024-0001 | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa. A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
2024-09-13 | CVE-2024-44096 | Insecure Default Initialization of Resource vulnerability in Google Android. There is a possible arbitrary read due to an insecure default value. | 4.4 |
2024-09-02 | CVE-2024-45313 | Insecure Default Initialization of Resource vulnerability in Overleaf. Overleaf is a web-based collaborative LaTeX editor. | 5.4 |
2024-08-15 | CVE-2024-34734 | Insecure Default Initialization of Resource vulnerability in Google Android 13.0/14.0. In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. | 7.8 |
2024-08-13 | CVE-2024-6788 | A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. | 8.6 |
2024-07-17 | CVE-2024-31070 | Insecure Default Initialization of Resource vulnerability in Centurysys products. Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 9.1 |
2024-07-12 | CVE-2024-39916 | Insecure Default Initialization of Resource vulnerability in Fogproject. FOG is a free open-source cloning/imaging/rescue suite/inventory management system. | 6.4 |
2024-02-20 | CVE-2024-25610 | Insecure Default Initialization of Resource vulnerability in Liferay Digital Experience Platform. In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field. | 5.4 |
2023-10-12 | CVE-2023-27516 | Insecure Default Initialization of Resource vulnerability in Softether VPN 4.419782/5.01.9674. An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. | 7.8 |
2023-10-10 | CVE-2023-45312 | Insecure Default Initialization of Resource vulnerability in Mtproto MT Proto Proxy. In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability. | 8.8 |