Total
725 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8962 | 1 Ibm | 1 Bigfix Inventory | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||||
CVE-2016-5950 | 1 Ibm | 1 Kenexa Lcms Premier | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | |||||
CVE-2016-10103 | 1 Hiteksoftware | 1 Automize | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | |||||
CVE-2016-10101 | 1 Hiteksoftware | 1 Automize | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager. | |||||
CVE-2016-3130 | 1 Blackberry | 1 Enterprise Service | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. | |||||
CVE-2015-8626 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2016-9750 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | |||||
CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||||
CVE-2016-4670 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log. | |||||
CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | |||||
CVE-2016-8967 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | |||||
CVE-2016-9479 | 1 B2evolution | 1 B2evolution | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | |||||
CVE-2013-1430 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. | |||||
CVE-2016-8566 | 1 Siemens | 1 Sicam Pas\/pqs | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | |||||
CVE-2016-9355 | 1 Bd | 1 Alaris 8015 Pc Unit | 2023-12-10 | 2.1 LOW | 5.3 MEDIUM |
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience. | |||||
CVE-2016-9204 | 1 Cisco | 2 Nexus 1000v, Nexus 1000v Intercloud Firmware | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSCus99379. Known Affected Releases: 2.2(1). | |||||
CVE-2016-7456 | 1 Vmware | 1 Vsphere Data Protection | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. | |||||
CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||||
CVE-2015-8282 | 1 Seawell Networks | 1 Spectrum Sdc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | |||||
CVE-2016-2936 | 1 Ibm | 1 Bigfix Remote Control | 2023-12-10 | 5.0 MEDIUM | 7.3 HIGH |
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. |