Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6815 | 1 Apache | 1 Ranger | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | |||||
| CVE-2016-5950 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | |||||
| CVE-2016-4996 | 1 Redhat | 2 Enterprise Linux Server, Satellite | 2025-04-20 | 1.9 LOW | 7.0 HIGH |
| discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | |||||
| CVE-2015-7259 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | |||||
| CVE-2016-7030 | 1 Freeipa | 1 Freeipa | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. | |||||
| CVE-2016-9739 | 1 Ibm | 1 Security Identity Manager | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. | |||||
| CVE-2016-9348 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. | |||||
| CVE-2015-7258 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||||
| CVE-2015-4684 | 1 Polycom | 1 Realpresence Resource Manager | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | |||||
| CVE-2016-4670 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log. | |||||
| CVE-2014-8357 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
| backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. | |||||
| CVE-2016-2972 | 1 Ibm | 1 Sametime | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | |||||
| CVE-2016-10103 | 1 Hiteksoftware | 1 Automize | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | |||||
| CVE-2016-6904 | 1 Netapp | 1 Vasa Provider | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials. | |||||
| CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||||
| CVE-2016-8962 | 1 Ibm | 1 Bigfix Inventory | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||||
| CVE-2016-9750 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | |||||
| CVE-2016-9355 | 1 Bd | 1 Alaris 8015 Pc Unit | 2025-04-20 | 2.1 LOW | 5.3 MEDIUM |
| An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience. | |||||
| CVE-2016-6093 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | |||||