Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8988 | 1 Voatz | 1 Voatz | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach. | |||||
| CVE-2020-8956 | 2 Microsoft, Pulsesecure | 2 Windows, Pulse Secure Desktop | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled. | |||||
| CVE-2020-8790 | 1 Oklok Project | 1 Oklok | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | |||||
| CVE-2020-8632 | 3 Canonical, Debian, Opensuse | 3 Cloud-init, Debian Linux, Leap | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | |||||
| CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | |||||
| CVE-2020-7940 | 1 Plone | 1 Plone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. | |||||
| CVE-2020-7519 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. | |||||
| CVE-2020-7492 | 1 Schneider-electric | 1 Gp-pro Ex Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. | |||||
| CVE-2020-6995 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2020-6991 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | |||||
| CVE-2020-4574 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181. | |||||
| CVE-2020-4245 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. | |||||
| CVE-2020-29591 | 1 Docker | 1 Registry | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-27587 | 1 Quickheal | 1 Total Security | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
| Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. | |||||
| CVE-2020-27585 | 1 Quickheal | 1 Total Security | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. | |||||
| CVE-2020-26201 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH. | |||||
| CVE-2020-26103 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | |||||
| CVE-2020-25153 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | |||||
| CVE-2020-15369 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. | |||||
| CVE-2020-15115 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | |||||