Total
168 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2023-12-10 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
CVE-2022-3179 | 1 Ikus-soft | 1 Rdiffweb | 2023-12-10 | N/A | 8.8 HIGH |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
CVE-2022-34615 | 1 Mealie | 1 Mealie | 2023-12-10 | N/A | 9.8 CRITICAL |
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | |||||
CVE-2022-28377 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2023-12-10 | N/A | 7.5 HIGH |
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU). | |||||
CVE-2022-43030 | 1 Siyucms | 1 Siyucms | 2023-12-10 | N/A | 7.2 HIGH |
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges | |||||
CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2023-12-10 | N/A | 9.8 CRITICAL |
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | |||||
CVE-2022-1039 | 1 Redlion | 2 Da50n, Da50n Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password. | |||||
CVE-2022-29729 | 1 Verizon | 2 4g Lte Network Extender, 4g Lte Network Extender Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | |||||
CVE-2022-1775 | 1 Trudesk Project | 1 Trudesk | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-1668 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. | |||||
CVE-2021-38935 | 1 Ibm | 1 Maximo Asset Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | |||||
CVE-2022-1236 | 1 Weseek | 1 Growi | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0. | |||||
CVE-2022-30325 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | |||||
CVE-2022-29098 | 1 Dell | 1 Powerscale Onefs | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | |||||
CVE-2022-2098 | 1 Kromit | 1 Titra | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. | |||||
CVE-2022-29700 | 1 Zammad | 1 Zammad | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | |||||
CVE-2021-28912 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access. | |||||
CVE-2021-38462 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf. | |||||
CVE-2021-43471 | 1 Canon | 2 Lbp223dw, Lbp223dw Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. | |||||
CVE-2021-20470 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. |