Total
737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3799 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | N/A |
| The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | |||||
| CVE-2002-2446 | 1 Gehealthcare | 3 Millennium Mg Firmware, Millennium Myosight Firmware, Millennium Nc Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. | |||||
| CVE-2016-1491 | 1 Lenovo | 1 Shareit | 2025-04-12 | 5.4 MEDIUM | 8.8 HIGH |
| The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | |||||
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
| Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
| CVE-2015-6412 | 1 Cisco | 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. | |||||
| CVE-2016-2871 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. | |||||
| CVE-2013-1430 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. | |||||
| CVE-2015-6424 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2025-04-12 | 7.2 HIGH | N/A |
| The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | |||||
| CVE-2016-2230 | 1 Openelec | 1 Openelec | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | |||||
| CVE-2014-4450 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | N/A |
| The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | |||||
| CVE-2013-6223 | 1 Livezilla | 1 Livezilla | 2025-04-12 | 2.1 LOW | N/A |
| LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. | |||||
| CVE-2010-5309 | 1 Gehealthcare | 1 Cadstream Server Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. | |||||
| CVE-2014-9006 | 1 Monstra | 1 Monstra | 2025-04-12 | 5.0 MEDIUM | N/A |
| Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | |||||
| CVE-2015-4262 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-12 | 10.0 HIGH | N/A |
| The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. | |||||
| CVE-2014-3489 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 4.3 MEDIUM | N/A |
| lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
| CVE-2014-4011 | 1 Sap | 1 Capacity Leveling | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2016-5890 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
| CVE-2015-6743 | 1 Basware | 1 Banking | 2025-04-12 | 6.5 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
| CVE-2014-9251 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 5.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413. | |||||