Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9240 | 1 Keystonejs | 1 Keystone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. | |||||
| CVE-2015-8945 | 1 Openshift | 1 Origin | 2024-11-21 | 1.9 LOW | 5.1 MEDIUM |
| openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | |||||
| CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
| CVE-2015-8673 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | |||||
| CVE-2015-8626 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2015-8611 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password. | |||||
| CVE-2015-8362 | 1 Harman | 1 Amx Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984. | |||||
| CVE-2015-8289 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | |||||
| CVE-2015-8282 | 1 Seawell Networks | 1 Spectrum Sdc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | |||||
| CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | |||||
| CVE-2015-8009 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | |||||
| CVE-2015-7921 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | |||||
| CVE-2015-7915 | 1 Sauter | 1 Moduweb Vision | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-7911 | 1 Saia Burgess Controls | 28 Pcd1.m0xx0, Pcd1.m0xx0 Firmware, Pcd1.m2xx0 and 25 more | 2024-11-21 | 10.0 HIGH | 9.1 CRITICAL |
| Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | |||||
| CVE-2015-7906 | 1 Loytec | 5 L-switch And L-ip Firmware, Linx-100, Lip-3ectb and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
| LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors. | |||||
| CVE-2015-7856 | 1 Opennms | 1 Opennms | 2024-11-21 | 10.0 HIGH | N/A |
| OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |||||
| CVE-2015-7819 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-11-21 | 5.0 MEDIUM | N/A |
| The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. | |||||
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | |||||
| CVE-2015-7289 | 1 Arris | 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP. | |||||
| CVE-2015-7287 | 1 Csl Dualcom | 2 Gprs, Gprs Cs2300-r Firmware | 2024-11-21 | 7.5 HIGH | N/A |
| CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message. | |||||