Total
192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-51398 | 2024-11-05 | N/A | 6.5 MEDIUM | ||
Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security. | |||||
CVE-2024-47121 | 1 Gotenna | 1 Gotenna Pro | 2024-11-01 | N/A | 5.3 MEDIUM |
The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions. | |||||
CVE-2024-48272 | 2024-11-01 | N/A | 6.5 MEDIUM | ||
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack. | |||||
CVE-2024-48271 | 2024-11-01 | N/A | 8.8 HIGH | ||
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. | |||||
CVE-2024-21865 | 2024-10-27 | N/A | 6.5 MEDIUM | ||
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. | |||||
CVE-2024-45374 | 1 Gotenna | 1 Gotenna | 2024-10-17 | N/A | 6.5 MEDIUM |
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is advised to use local QR encryption key sharing for additional security on this and previous versions. | |||||
CVE-2024-7293 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 8.8 HIGH |
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | |||||
CVE-2023-31098 | 1 Apache | 1 Inlong | 2024-10-11 | N/A | 9.8 CRITICAL |
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 https://github.com/apache/inlong/pull/7805 to solve it. | |||||
CVE-2024-47221 | 1 Rapidscada | 1 Rapid Scada | 2024-09-29 | N/A | 7.5 HIGH |
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. | |||||
CVE-2021-38133 | 1 Microfocus | 1 Edirectory | 2024-09-18 | N/A | 6.5 MEDIUM |
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | |||||
CVE-2023-40539 | 1 Philips | 1 Vue Pacs | 2024-09-05 | N/A | 5.9 MEDIUM |
Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts. | |||||
CVE-2023-29974 | 1 Pfsense | 1 Pfsense | 2024-09-04 | N/A | 9.8 CRITICAL |
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. | |||||
CVE-2022-39997 | 2024-08-28 | N/A | 8.0 HIGH | ||
A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges | |||||
CVE-2024-40697 | 1 Ibm | 1 Common Licensing | 2024-08-22 | N/A | 7.5 HIGH |
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. | |||||
CVE-2024-42850 | 2024-08-19 | N/A | 9.8 CRITICAL | ||
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. | |||||
CVE-2024-36789 | 2024-08-15 | N/A | 8.1 HIGH | ||
An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. | |||||
CVE-2024-41683 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords. | |||||
CVE-2017-9853 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2024-08-05 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
CVE-2017-7306 | 1 Riverbed | 1 Rios | 2024-08-05 | 1.9 LOW | 6.4 MEDIUM |
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs | |||||
CVE-2017-7305 | 1 Riverbed | 1 Rios | 2024-08-05 | 2.1 LOW | 4.6 MEDIUM |
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs |