Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8566 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-20 | 7.8 High |
| An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | ||||
| CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | N/A |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | ||||
| CVE-2015-4681 | 1 Polycom | 1 Realpresence Resource Manager | 2025-04-20 | N/A |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | ||||
| CVE-2016-8962 | 1 Ibm | 1 Bigfix Inventory | 2025-04-20 | N/A |
| IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | ||||
| CVE-2016-9348 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2025-04-20 | N/A |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. | ||||
| CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2025-04-20 | N/A |
| IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | ||||
| CVE-2017-16727 | 1 Moxa | 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more | 2025-04-20 | N/A |
| A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | ||||
| CVE-2016-4996 | 1 Redhat | 3 Enterprise Linux Server, Satellite, Satellite Capsule | 2025-04-20 | N/A |
| discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | ||||
| CVE-2015-7258 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | N/A |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | ||||
| CVE-2016-9750 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | N/A |
| IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | ||||
| CVE-2016-8967 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | ||||
| CVE-2016-8372 | 1 Moxa | 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more | 2025-04-20 | 8.1 High |
| An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. A password is transmitted in a format that is not sufficiently secure. | ||||
| CVE-2014-8357 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2025-04-20 | N/A |
| backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. | ||||
| CVE-2017-10845 | 1 Nttdocomo | 2 Wi-fi Station L-02f, Wi-fi Station L-02f Firmware | 2025-04-20 | N/A |
| Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | ||||
| CVE-2015-8626 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2013-3734 | 1 Redhat | 1 Jboss Application Server | 2025-04-20 | N/A |
| The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console | ||||
| CVE-2015-7259 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | N/A |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | ||||
| CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | ||||
| CVE-2015-8009 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | ||||
| CVE-2015-8282 | 1 Seawell Networks | 1 Spectrum Sdc | 2025-04-20 | N/A |
| SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | ||||