Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2874 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2014-0645 | 1 Emc | 4 Cloud Tiering Appliance, Cloud Tiering Appliance Software, File Management Appliance and 1 more | 2025-04-12 | 4.7 MEDIUM | N/A |
| EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. | |||||
| CVE-2012-6693 | 1 Gehealthcare | 1 Centricity Pacs Server | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. | |||||
| CVE-2010-5308 | 1 Gehealthcare | 1 Optima Mr360 Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. | |||||
| CVE-2014-2752 | 1 Sap | 1 Business Object Processing Framework For Abap | 2025-04-12 | 7.5 HIGH | N/A |
| SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-2014 | 1 Imapsync Project | 1 Imapsync | 2025-04-12 | 4.3 MEDIUM | N/A |
| imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2014-2226 | 1 Ui | 1 Unifi Controller | 2025-04-12 | 2.6 LOW | N/A |
| Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-3220 | 1 F5 | 1 Big-iq | 2025-04-12 | 9.0 HIGH | N/A |
| F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. | |||||
| CVE-2010-5307 | 1 Gehealthcare | 1 Optima Mr360 Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2014-4788 | 1 Ibm | 1 Initiate Master Data Service | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2015-6524 | 2 Apache, Fedoraproject | 2 Activemq, Fedora | 2025-04-12 | 5.0 MEDIUM | N/A |
| The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-9183 | 1 Zte | 1 Zxdsl | 2025-04-12 | 10.0 HIGH | N/A |
| ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | |||||
| CVE-2014-0683 | 1 Cisco | 6 Cvr100w, Cvr100w Firmware, Rv110w and 3 more | 2025-04-12 | 10.0 HIGH | N/A |
| The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275. | |||||
| CVE-2014-4006 | 1 Sap | 1 Oil Industry Solution Traders And Schedulers Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4012 | 1 Sap | 1 Open Hub Service | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2010-5318 | 1 Basic-cms | 1 Sweetrice | 2025-04-12 | 4.3 MEDIUM | N/A |
| The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter. | |||||
| CVE-2014-5251 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2025-04-12 | 4.9 MEDIUM | N/A |
| The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token. | |||||
| CVE-2016-4028 | 1 Open-xchange | 1 Ox Guard | 2025-04-12 | 3.5 LOW | 7.5 HIGH |
| An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker. | |||||
| CVE-2014-5423 | 1 Carefusion | 1 Pyxis Supplystation | 2025-04-12 | 1.9 LOW | N/A |
| CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file. | |||||
| CVE-2014-0347 | 1 Websense | 5 Triton Unified Security Center, Triton Web Filter, Triton Web Security and 2 more | 2025-04-12 | 3.5 LOW | N/A |
| The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. | |||||