Total
235 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12925 | 1 Lantronix | 2 Mss, Mss Firmware | 2024-11-21 | N/A |
| Baseon Lantronix MSS devices do not require a password for TELNET access. | ||||
| CVE-2018-1000134 | 2 Pingidentity, Redhat | 3 Ldapsdk, Jboss Enterprise Bpms Platform, Rhev Manager | 2024-11-21 | N/A |
| UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6. | ||||
| CVE-2017-9818 | 1 Npci | 1 Bharat Interface For Money \(bhim\) | 2024-11-21 | N/A |
| The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access. | ||||
| CVE-2017-1601 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | N/A |
| IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. | ||||
| CVE-2017-1597 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A |
| IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. | ||||
| CVE-2017-18857 | 1 Netgear | 1 Insight | 2024-11-21 | 9.8 Critical |
| The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. | ||||
| CVE-2016-11069 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | ||||
| CVE-2015-8033 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.3 Medium |
| In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | ||||
| CVE-2011-4931 | 2 Debian, Gpw Project | 2 Debian Linux, Gpw | 2024-11-21 | 7.5 High |
| gpw generates shorter passwords than required | ||||
| CVE-2024-51398 | 1 Altaitechnologies | 1 Ix500 Firmware | 2024-11-05 | 6.5 Medium |
| Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security. | ||||
| CVE-2024-7293 | 1 Progress | 2 Telerik Report Server, Telerik Reporting | 2024-10-15 | 7.5 High |
| In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | ||||
| CVE-2021-38133 | 1 Microfocus | 1 Edirectory | 2024-09-18 | 7.4 High |
| Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | ||||
| CVE-2022-39997 | 1 Teldat | 2 Rs123 Firmware, Rs123w Firmware | 2024-08-28 | 8 High |
| A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges | ||||
| CVE-2024-40697 | 1 Ibm | 1 Common Licensing | 2024-08-22 | 7.5 High |
| IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. | ||||
| CVE-2024-41683 | 1 Siemens | 2 Location Intelligence, Location Intelligence Family | 2024-08-14 | 5.3 Medium |
| A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords. | ||||