Total
192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0307 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
CVE-2022-45635 | 1 Megafeis | 1 Bofei Dbd\+ | 2024-11-21 | N/A | 7.5 HIGH |
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | |||||
CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2024-11-21 | N/A | 9.8 CRITICAL |
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||||
CVE-2022-44236 | 1 Zed-3 | 1 Voip Simplicity Asg | 2024-11-21 | N/A | 9.8 CRITICAL |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. | |||||
CVE-2022-43030 | 1 Siyucms | 1 Siyucms | 2024-11-21 | N/A | 7.2 HIGH |
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges | |||||
CVE-2022-41969 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 2.4 LOW |
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | |||||
CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-3376 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 5.3 MEDIUM |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 4.3 MEDIUM |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | |||||
CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2024-11-21 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
CVE-2022-3179 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 8.8 HIGH |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2024-11-21 | N/A | 9.8 CRITICAL |
RuoYi v3.8.3 has a Weak password vulnerability in the management system. | |||||
CVE-2022-36301 | 1 Bosch | 1 Bf-os | 2024-11-21 | N/A | 9.8 CRITICAL |
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. | |||||
CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | |||||
CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2024-11-21 | N/A | 9.8 CRITICAL |
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | |||||
CVE-2022-34772 | 1 Tabit | 1 Tabit | 2024-11-21 | N/A | 4.3 MEDIUM |
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting. | |||||
CVE-2022-34615 | 1 Mealie | 1 Mealie | 2024-11-21 | N/A | 9.8 CRITICAL |
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | |||||
CVE-2022-34333 | 1 Ibm | 1 Sterling Order Management | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | |||||
CVE-2022-32513 | 1 Schneider-electric | 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) | |||||
CVE-2022-31211 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. |