Vulnerabilities (CVE)

Filtered by CWE-521
Total 192 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3268 1 Ikus-soft 1 Minarca 2024-02-28 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
CVE-2022-37158 1 Iocoder 1 Ruoyi-vue-pro 2024-02-28 N/A 9.8 CRITICAL
RuoYi v3.8.3 has a Weak password vulnerability in the management system.
CVE-2022-27558 1 Hcltech 2 Domino, Hcl Inotes 2024-02-28 N/A 7.5 HIGH
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
CVE-2022-3179 1 Ikus-soft 1 Rdiffweb 2024-02-28 N/A 8.8 HIGH
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.
CVE-2022-26117 1 Fortinet 1 Fortinac 2024-02-28 N/A 8.8 HIGH
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.
CVE-2022-3326 1 Ikus-soft 1 Rdiffweb 2024-02-28 N/A 4.3 MEDIUM
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.
CVE-2022-43030 1 Siyucms 1 Siyucms 2024-02-28 N/A 7.2 HIGH
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges
CVE-2022-35143 1 Raneto Project 1 Raneto 2024-02-28 N/A 9.8 CRITICAL
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.
CVE-2022-1775 1 Trudesk Project 1 Trudesk 2024-02-28 7.5 HIGH 9.8 CRITICAL
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-30325 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-02-28 3.3 LOW 8.8 HIGH
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network.
CVE-2022-1236 1 Weseek 1 Growi 2024-02-28 6.4 MEDIUM 6.5 MEDIUM
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.
CVE-2022-29729 1 Verizon 2 4g Lte Network Extender, 4g Lte Network Extender Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.
CVE-2022-29098 1 Dell 1 Powerscale Onefs 2024-02-28 5.0 MEDIUM 7.5 HIGH
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.
CVE-2022-1039 1 Redlion 2 Da50n, Da50n Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.
CVE-2022-2098 1 Kromit 1 Titra 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
CVE-2022-1668 1 Secheron 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.
CVE-2022-29700 1 Zammad 1 Zammad 2024-02-28 5.0 MEDIUM 7.5 HIGH
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
CVE-2021-38935 1 Ibm 1 Maximo Asset Management 2024-02-28 5.0 MEDIUM 7.5 HIGH
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892.
CVE-2021-43036 1 Kaseya 1 Unitrends Backup 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.
CVE-2021-20470 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-02-28 5.0 MEDIUM 7.5 HIGH
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.