Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2283 | 1 Moxa | 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | |||||
| CVE-2015-3957 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2025-04-12 | 4.6 MEDIUM | N/A |
| Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. | |||||
| CVE-2016-2282 | 1 Moxa | 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | |||||
| CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 4.0 MEDIUM |
| The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
| Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
| CVE-2015-4262 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-12 | 10.0 HIGH | N/A |
| The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. | |||||
| CVE-2014-4018 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-12 | 7.8 HIGH | N/A |
| The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-5994 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2025-04-12 | 7.9 HIGH | 6.8 MEDIUM |
| The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. | |||||
| CVE-2015-7856 | 1 Opennms | 1 Opennms | 2025-04-12 | 10.0 HIGH | N/A |
| OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |||||
| CVE-2016-0865 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
| CVE-2013-1430 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. | |||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
| CVE-2015-3974 | 1 Easyio | 2 Easyio-30p-sf, Easyio-30p-sf Firmware | 2025-04-12 | 9.0 HIGH | N/A |
| EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-2864 | 1 Retrospect | 2 Retrospect, Retrospect Client | 2025-04-12 | 5.0 MEDIUM | N/A |
| Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision. | |||||
| CVE-2014-3528 | 5 Apache, Apple, Canonical and 2 more | 9 Subversion, Xcode, Ubuntu Linux and 6 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. | |||||
| CVE-2014-4875 | 1 Toshiba | 1 Chec | 2025-04-12 | 5.0 MEDIUM | N/A |
| CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. | |||||
| CVE-2014-4363 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.0 MEDIUM | N/A |
| Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | |||||
| CVE-2014-8496 | 1 Digicom | 2 Dg-5514t Adsl Router, Dg-5514t Adsl Router Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack. | |||||
| CVE-2014-0202 | 1 Redhat | 1 Rhevm-dwh | 2025-04-12 | 2.1 LOW | N/A |
| The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | |||||
| CVE-2015-6032 | 1 Qolsys | 1 Iq Panel | 2025-04-12 | 9.3 HIGH | N/A |
| Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation. | |||||