Vulnerabilities (CVE)

Filtered by CWE-521
Total 168 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40520 1 Airangel 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.
CVE-2021-43036 1 Kaseya 1 Unitrends Backup 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.
CVE-2021-41296 1 Ecoa 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
ECOA BAS controller uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system.
CVE-2021-40333 1 Hitachienergy 4 Fox615, Fox615 Firmware, Xcm20 and 1 more 2023-12-10 5.5 MEDIUM 7.1 HIGH
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
CVE-2021-41696 1 Globaldatingsoftware 1 Premiumdatingscript 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.
CVE-2022-22110 1 Daybydaycrm 1 Daybyday Crm 2023-12-10 5.0 MEDIUM 7.5 HIGH
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.
CVE-2021-28914 1 Bab-technologie 2 Eibport, Eibport Firmware 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because password strength is displayed in the configuration tool but ultimately not enforced. This is usable as part of an attack chain to gain SSH root access.
CVE-2021-35498 1 Tibco 2 Ebx, Product And Service Catalog Powered By Tibco Ebx 2023-12-10 9.3 HIGH 9.8 CRITICAL
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.
CVE-2021-1522 1 Cisco 1 Connected Mobile Experiences 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.
CVE-2021-32753 1 Edgexfoundry 1 Edgex Foundry 2023-12-10 5.8 MEDIUM 6.5 MEDIUM
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client_id and client_secret required to obtain an OAuth2 authentication token are set to the username of the proxy user. A remote network attacker can then perform a dictionary-based password attack on the OAuth2 token endpoint of the API gateway to obtain an OAuth2 authentication token and use that token to make authenticated calls to EdgeX microservices from an untrusted network. OAuth2 is the default authentication method in EdgeX Edinburgh release. The default authentication method was changed to JWT in Fuji and later releases. Users should upgrade to the EdgeX Ireland release to obtain the fix. The OAuth2 authentication method is disabled in Ireland release. If unable to upgrade and OAuth2 authentication is required, users should create OAuth2 users directly using the Kong admin API and forgo the use of the `security-proxy-setup` tool to create OAuth2 users.
CVE-2021-25839 1 Minthcm 1 Minthcm 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which makes password brute-forcing easier for an attacker.
CVE-2021-25923 1 Open-emr 1 Openemr 2023-12-10 6.8 MEDIUM 8.1 HIGH
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements because no maximum password length limit is enforced. If a malicious user is aware of the first 72 characters of the victim user's password, they can leverage this to take over the account.
CVE-2021-26797 1 Hametech 2 Hame Sd1 Wi-fi, Hame Sd1 Wi-fi Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to obtain system administrator access through an open Telnet service.
CVE-2021-20418 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.
CVE-2019-17444 1 Jfrog 1 Artifactory 2023-12-10 7.5 HIGH 9.8 CRITICAL
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.
CVE-2020-27585 1 Quickheal 1 Total Security 2023-12-10 2.1 LOW 4.4 MEDIUM
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive antivirus settings via a brute-force attack on the settings password.
CVE-2020-26201 1 Askey 2 Ap5100w, Ap5100w Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
CVE-2020-15369 1 Broadcom 1 Fabric Operating System 2023-12-10 4.0 MEDIUM 8.8 HIGH
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
CVE-2020-8956 2 Microsoft, Pulsesecure 2 Windows, Pulse Secure Desktop 2023-12-10 1.9 LOW 3.3 LOW
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.
CVE-2020-8296 2 Fedoraproject, Nextcloud 2 Fedora, Nextcloud Server 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.