Vulnerabilities (CVE)

Filtered by CWE-521
Total 192 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0307 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2022-45635 1 Megafeis 1 Bofei Dbd+ 2024-11-21 N/A 7.5 HIGH
An issue discovered in the MEGAFEIS BOFEI DBD+ application for iOS & Android v1.4.4 allows an attacker to gain access to sensitive account information via an insecure password policy.
CVE-2022-45482 1 Lazy Mouse Project 1 Lazy Mouse 2024-11-21 N/A 9.8 CRITICAL
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-44236 1 Zed-3 1 Voip Simplicity Asg 2024-11-21 N/A 9.8 CRITICAL
Beijing Zed-3 Technologies Co., Ltd. VoIP Simplicity ASG 8.5.0.17807 (20181130-16:12) has a weak password vulnerability.
CVE-2022-43030 1 Siyucms 1 Siyucms 2024-11-21 N/A 7.2 HIGH
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPHP5 and AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges.
CVE-2022-41969 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 2.4 LOW
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.
CVE-2022-3754 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2022-3376 1 Ikus-soft 1 Rdiffweb 2024-11-21 N/A 5.3 MEDIUM
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVE-2022-3326 1 Ikus-soft 1 Rdiffweb 2024-11-21 N/A 4.3 MEDIUM
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.
CVE-2022-3268 1 Ikus-soft 1 Minarca 2024-11-21 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
CVE-2022-3179 1 Ikus-soft 1 Rdiffweb 2024-11-21 N/A 8.8 HIGH
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.
CVE-2022-37158 1 Iocoder 1 Ruoyi-vue-pro 2024-11-21 N/A 9.8 CRITICAL
RuoYi v3.8.3 has a weak password vulnerability in the management system.
CVE-2022-36301 1 Bosch 1 Bf-os 2024-11-21 N/A 9.8 CRITICAL
BF-OS versions 3.x up to and including 3.83 do not enforce strong passwords, which may allow a remote attacker to brute-force the device password.
CVE-2022-35280 2 Ibm, Microsoft 2 Robotic Process Automation For Cloud Pak, Windows 2024-11-21 N/A 9.8 CRITICAL
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 do not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.
CVE-2022-35143 1 Raneto Project 1 Raneto 2024-11-21 N/A 9.8 CRITICAL
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.
CVE-2022-34772 1 Tabit 1 Tabit 2024-11-21 N/A 4.3 MEDIUM
Tabit - password enumeration. The password for the Tabit system is a 4-digit OTP. One can resend the OTP and try logging in indefinitely. Once again, this is an example of OWASP API4 - Rate limiting.
CVE-2022-34615 1 Mealie 1 Mealie 2024-11-21 N/A 9.8 CRITICAL
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.
CVE-2022-34333 1 Ibm 1 Sterling Order Management 2024-11-21 N/A 5.9 MEDIUM
IBM Sterling Order Management 10.0 does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.
CVE-2022-32513 1 Schneider-electric 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more 2024-11-21 N/A 9.8 CRITICAL
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0).
CVE-2022-31211 1 Infiray 2 Iray-a8z3, Iray-a8z3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.