Vulnerabilities > Insecure Default Initialization of Resource

DATE CVE VULNERABILITY TITLE RISK
2018-09-19 CVE-2018-3825 Insecure Default Initialization of Resource vulnerability in Elastic Cloud Enterprise
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters.
network
high complexity
elastic CWE-1188
5.9
2018-08-23 CVE-2018-15685 Insecure Default Initialization of Resource vulnerability in Electronjs Electron
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
network
high complexity
electronjs CWE-1188
8.1
2018-08-17 CVE-2018-15350 Insecure Default Initialization of Resource vulnerability in Kraftway 24F2Xg Router Firmware 3.5.30.1118
Default router credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
network
low complexity
kraftway CWE-1188
critical
9.8
2018-08-03 CVE-2018-1524 Insecure Default Initialization of Resource vulnerability in IBM products
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system.
network
low complexity
ibm CWE-1188
8.8
2018-07-10 CVE-2018-3667 Insecure Default Initialization of Resource vulnerability in Intel Processor Diagnostic Tool 4.1.0.24
Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.
local
low complexity
intel CWE-1188
7.8
2018-06-07 CVE-2018-0263 Insecure Default Initialization of Resource vulnerability in Cisco Meeting Server
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system.
low complexity
cisco CWE-1188
7.4
2018-06-06 CVE-2018-5841 Insecure Default Initialization of Resource vulnerability in Google Android
In all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node, which could lead to an invalid access.
local
low complexity
google CWE-1188
7.8
2018-05-18 CVE-2018-10968 Insecure Default Initialization of Resource vulnerability in D-Link Dir-550A Firmware and Dir-604M Firmware
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.
network
low complexity
d-link CWE-1188
critical
9.8
2018-05-16 CVE-2018-8014 Insecure Default Initialization of Resource vulnerability in multiple products
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins.
network
low complexity
apache canonical debian netapp CWE-1188
critical
9.8
2018-05-14 CVE-2018-10989 Insecure Default Initialization of Resource vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network.
network
high complexity
commscope CWE-1188
6.6