Total: 168 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44236 | 1 Zed-3 | 1 Voip Simplicity Asg | 2023-12-10 | N/A | 9.8 CRITICAL |
Beijing Zed-3 Technologies Co.,Ltd VoIP simplicity ASG 8.5.0.17807 (20181130-16:12) has a weak password vulnerability. | |||||
CVE-2023-0569 | 1 Publify Project | 1 Publify | 2023-12-10 | N/A | 6.5 MEDIUM |
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | |||||
CVE-2021-36689 | 1 Samourai-wallet-android Project | 1 Samourai-wallet-android | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. | |||||
CVE-2022-32513 | 1 Schneider-electric | 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) | |||||
CVE-2021-39434 | 1 Zkteco | 1 Zktime | 2023-12-10 | N/A | 7.5 HIGH |
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | |||||
CVE-2023-0307 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
CVE-2023-22451 | 1 Kiwitcms | 1 Kiwi Tcms | 2023-12-10 | N/A | 8.8 HIGH |
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can’t be too similar to other personal information, must contain at least 10 characters, can’t be a commonly used password, and can’t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. | |||||
CVE-2022-41969 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | N/A | 2.7 LOW |
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | |||||
CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2023-12-10 | N/A | 9.8 CRITICAL |
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||||
CVE-2022-2927 | 1 Notrinos | 1 Notrinoserp | 2023-12-10 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
CVE-2022-36301 | 1 Bosch | 1 Bf-os | 2023-12-10 | N/A | 7.5 HIGH |
BF-OS versions 3.x up to and including 3.83 do not enforce strong passwords, which may allow a remote attacker to brute-force the device password. | |||||
CVE-2022-27558 | 1 Hcltech | 2 Domino, Hcl Inotes | 2023-12-10 | N/A | 7.5 HIGH |
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | |||||
CVE-2022-34772 | 1 Tabit | 1 Tabit | 2023-12-10 | N/A | 8.8 HIGH |
Tabit - password enumeration. The password for the Tabit system is a 4-digit OTP. One can resend the OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting. | |||||
CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2023-12-10 | N/A | 9.8 CRITICAL |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 do not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | |||||
CVE-2022-3376 | 1 Ikus-soft | 1 Rdiffweb | 2023-12-10 | N/A | 5.3 MEDIUM |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2023-12-10 | N/A | 4.3 MEDIUM |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | |||||
CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2023-12-10 | N/A | 9.8 CRITICAL |
RuoYi v3.8.3 has a Weak password vulnerability in the management system. | |||||
CVE-2022-31211 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | |||||
CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-26117 | 1 Fortinet | 1 Fortinac | 2023-12-10 | N/A | 8.8 HIGH |
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. |