Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4115 | 1 Hp | 2 Storageworks Modular Smart Array P2000 G3, Storageworks Modular Smart Array P2000 G3 Firmware | 2025-04-11 | 9.0 HIGH | N/A |
| HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges. | |||||
| CVE-2010-3264 | 1 Novell | 1 Identity Manager | 2025-04-11 | 2.1 LOW | N/A |
| The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2013-3497 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2025-04-11 | 4.7 MEDIUM | N/A |
| Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | |||||
| CVE-2011-4757 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 10.0 HIGH | N/A |
| Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files. | |||||
| CVE-2014-1467 | 1 Blackberry | 4 Blackberry Enterprise Service, Blackberry Universal Device Service, Enterprise Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file. | |||||
| CVE-2010-0595 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495. | |||||
| CVE-2011-0951 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 5.0 MEDIUM | N/A |
| The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. | |||||
| CVE-2012-4577 | 1 Korenix | 1 Jetport | 2025-04-11 | 10.0 HIGH | N/A |
| The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. | |||||
| CVE-2009-4781 | 1 Tukeva | 1 Password Reminder | 2025-04-11 | 7.2 HIGH | N/A |
| TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection. | |||||
| CVE-2010-2966 | 1 Windriver | 1 Vxworks | 2025-04-11 | 7.8 HIGH | N/A |
| The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. | |||||
| CVE-2011-0423 | 1 Polyvision | 2 Roomwizard, Roomwizard Firmware | 2025-04-11 | 7.5 HIGH | N/A |
| The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | |||||
| CVE-2010-3684 | 1 Synology | 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more | 2025-04-11 | 2.1 LOW | N/A |
| The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. | |||||
| CVE-2012-3538 | 1 Redhat | 1 Cloudforms | 2025-04-11 | 3.3 LOW | N/A |
| Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. | |||||
| CVE-2009-5021 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | 7.5 HIGH | N/A |
| Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | |||||
| CVE-2011-1623 | 1 Cisco | 2 Media Experience Engine 5600, Media Processing Software | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737. | |||||
| CVE-2013-5636 | 1 Checkpoint | 1 Endpoint Security | 2025-04-11 | 3.3 LOW | N/A |
| Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses. | |||||
| CVE-2012-2173 | 1 Ibm | 1 Security Appscan Source | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-0534 | 1 Ibm | 2 Lotus Sametime, Sametime | 2025-04-11 | 1.9 LOW | N/A |
| The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory. | |||||
| CVE-2010-0124 | 1 Timeclock-software | 1 Employee Timeclock Software | 2025-04-11 | 2.1 LOW | N/A |
| Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2009-4945 | 1 Atutor | 1 Acollab | 2025-04-11 | 7.5 HIGH | N/A |
| AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. | |||||