Total: 192 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6339 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase. | |||||
CVE-2017-1601 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. | |||||
CVE-2017-1597 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. | |||||
CVE-2017-1386 | 1 Ibm | 2 Api Connect, Api Management | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords, which could be intercepted and decrypted using man-in-the-middle techniques. IBM X-Force ID: 127160. | |||||
CVE-2017-1221 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. | |||||
CVE-2017-1196 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. | |||||
CVE-2017-18857 | 1 Netgear | 1 Insight | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. | |||||
CVE-2017-16727 | 1 Moxa | 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | |||||
CVE-2017-14189 | 1 Fortinet | 1 Fortiweb Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin web UI to successfully log in regardless of the provided password. | |||||
CVE-2017-12861 | 1 Epson | 1 Easymp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen, ensuring only those who can view it are streaming. All Epson projectors supporting the "EasyMP" software are vulnerable to a brute-force attack on this code, allowing any attacker on the network to remotely control and stream to the vulnerable device. | |||||
CVE-2016-11069 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | |||||
CVE-2015-8033 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | |||||
CVE-2012-2441 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2024-11-21 | 8.5 HIGH | N/A |
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. | |||||
CVE-2011-4931 | 2 Debian, Gpw Project | 2 Debian Linux, Gpw | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
gpw generates shorter passwords than required. | |||||
CVE-2024-51398 | | | 2024-11-05 | N/A | 6.5 MEDIUM |
Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web management: a weak password leaked in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security. | |||||
CVE-2024-47121 | 1 Gotenna | 1 Gotenna Pro | 2024-11-01 | N/A | 5.3 MEDIUM |
The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute-force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions. | |||||
CVE-2024-48272 | | | 2024-11-01 | N/A | 6.5 MEDIUM |
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wi-Fi password, possibly allowing attackers to connect to the device via a brute-force attack. | |||||
CVE-2024-48271 | | | 2024-11-01 | N/A | 8.8 HIGH |
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a brute-force attack. | |||||
CVE-2024-45374 | 1 Gotenna | 1 Gotenna | 2024-10-17 | N/A | 6.5 MEDIUM |
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and the password is cracked via a brute-force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is advised to use local QR encryption key sharing for additional security on this and previous versions. | |||||
CVE-2024-7293 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 8.8 HIGH |
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | |||||
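
The IBM Security Guardium, BigFix, NETGEAR Insight, D-Link and Telerik Report Server entries above all describe the same defect: the product ships with a password policy that accepts whatever the user types, and the Moxa NPort entry is the extreme case of accepting an empty password. The following is an added example, not code from any of those vendors or from this page's source, that puts a permissive "default" policy next to a hardened one and runs constructed sample passwords through both. The deny list, the sample accounts and the thresholds are assumptions chosen for illustration; the entropy estimate is the usual charset-size approximation and deliberately overstates dictionary words, which is why the deny list is applied as well.

```python
import math
import re
from dataclasses import dataclass

# Constructed stand-in for a breached/common-password deny list. A real
# deployment would check against a large corpus (e.g. a local breach dump).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "admin", "admin123",
    "letmein", "welcome", "changeme",
}


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 0          # 0 = no length requirement
    min_classes: int = 1         # lower/upper/digit/symbol classes required
    min_entropy_bits: float = 0  # rough charset-based estimate, see below
    deny_common: bool = False    # reject entries in COMMON_PASSWORDS
    deny_username: bool = False  # reject passwords containing the account name
    allow_empty: bool = True     # whether "" is accepted at all


def character_classes(password: str) -> int:
    """Count how many of lower/upper/digit/symbol occur in the password."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    return sum(1 for p in patterns if re.search(p, password))


def estimated_entropy_bits(password: str) -> float:
    """Naive log2(pool ** length). Overstates dictionary words, so it is only
    a floor; the deny list catches what this measure cannot."""
    pool = 0
    if re.search(r"[a-z]", password):
        pool += 26
    if re.search(r"[A-Z]", password):
        pool += 26
    if re.search(r"[0-9]", password):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        pool += 33  # printable ASCII punctuation and space
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str, policy: PasswordPolicy, username: str = "") -> list:
    """Return the list of policy violations; an empty list means accepted."""
    if password == "":
        return [] if policy.allow_empty else ["empty password"]
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if character_classes(password) < policy.min_classes:
        problems.append(f"fewer than {policy.min_classes} character classes")
    if policy.deny_common and password.lower() in COMMON_PASSWORDS:
        problems.append("in common-password list")
    if policy.deny_username and username and username.lower() in password.lower():
        problems.append("contains the username")
    if estimated_entropy_bits(password) < policy.min_entropy_bits:
        problems.append(f"estimated entropy below {policy.min_entropy_bits:g} bits")
    return problems


# The ship-as-is default the entries above describe: anything goes, even "".
DEFAULT_POLICY = PasswordPolicy()
# Hardened: length and the deny list do most of the work; the class
# requirement is kept low so long passphrases are not rejected.
HARDENED_POLICY = PasswordPolicy(min_length=12, min_classes=2, min_entropy_bits=50,
                                 deny_common=True, deny_username=True, allow_empty=False)

# Constructed sample accounts (username, password).
SAMPLES = [
    ("admin", ""),
    ("admin", "admin123"),
    ("alice", "1234"),
    ("alice", "Alice2024!!"),
    ("alice", "correct-horse-battery-staple"),
]


def evaluate(policy: PasswordPolicy) -> dict:
    """Run every sample through a policy; maps password -> violations."""
    return {pw: check_password(pw, policy, user) for user, pw in SAMPLES}


if __name__ == "__main__":
    for name, policy in (("default", DEFAULT_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"== {name} policy ==")
        for pw, problems in evaluate(policy).items():
            print(f"  {pw!r:32} {'OK' if not problems else '; '.join(problems)}")
```

Under the default policy every sample passes, including the empty string and "admin123" for the admin account; under the hardened policy only the long passphrase is accepted. The check belongs on the server at account creation, password change and first login after an upgrade, otherwise accounts created under the old default keep their weak passwords.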
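
The Epson EasyMP, Mattermost and D-Link entries above are brute-force findings: a short on-screen code, a password-change endpoint or a default credential that the server lets an attacker guess without limit. The following added example, which is not any vendor's protocol and not code from this page's source, simulates that attack against a constructed 4-digit-code verifier with and without per-target attempt limiting. The lockout parameters (5 failures, 60 s), the code value "7319" and the guess rate (one guess per 10 ms) are assumptions; the clock is simulated so the run is deterministic and finishes instantly.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CodeVerifier:
    """Server side of a constructed 4-digit pairing-code check.

    max_failures=None reproduces the unthrottled behaviour; otherwise the
    target is locked for lockout_ms after that many consecutive failures.
    """
    secret: str
    max_failures: Optional[int] = None
    lockout_ms: int = 60_000
    _failures: dict = field(default_factory=dict)      # target -> consecutive failures
    _locked_until: dict = field(default_factory=dict)  # target -> unlock time (ms)

    def locked_until(self, target: str) -> int:
        return self._locked_until.get(target, 0)

    def verify(self, target: str, guess: str, now_ms: int) -> str:
        """Return 'ok', 'denied' or 'locked'. The comparison is constant-time
        so response timing does not reveal how many leading digits matched."""
        if now_ms < self.locked_until(target):
            return "locked"
        if hmac.compare_digest(guess.encode(), self.secret.encode()):
            self._failures[target] = 0
            return "ok"
        self._failures[target] = self._failures.get(target, 0) + 1
        if self.max_failures is not None and self._failures[target] >= self.max_failures:
            self._locked_until[target] = now_ms + self.lockout_ms
            self._failures[target] = 0
        return "denied"


def brute_force(verifier: CodeVerifier, target: str, step_ms: int = 10):
    """Attacker side: enumerate 0000..9999 on a simulated clock, waiting out
    any lockout. Returns (code_or_None, verification_attempts, elapsed_ms)."""
    now = 0
    attempts = 0
    for n in range(10_000):
        guess = f"{n:04d}"
        result = verifier.verify(target, guess, now)
        while result == "locked":
            now = verifier.locked_until(target)   # sleep until the window expires
            result = verifier.verify(target, guess, now)
        attempts += 1
        now += step_ms
        if result == "ok":
            return guess, attempts, now
    return None, attempts, now


def compare(code: str = "7319", target: str = "projector-1") -> dict:
    """Run the same enumeration against an unthrottled and a throttled verifier."""
    return {
        "unthrottled": brute_force(CodeVerifier(code), target),
        "throttled": brute_force(CodeVerifier(code, max_failures=5), target),
    }


if __name__ == "__main__":
    for name, (found, attempts, elapsed) in compare().items():
        print(f"{name:12} code={found} attempts={attempts} elapsed={elapsed / 3_600_000:.2f} h")
```

Without throttling the code falls in 7,320 guesses, about 73 seconds at the assumed rate; with five attempts per minute the same enumeration still succeeds, but takes roughly a day of patient retrying. That is the practitioner's caveat: attempt limiting turns a minutes-long attack into a noisy, slow one, but a 4-digit space is small enough that limiting alone is not a fix. Rotating the displayed code after a lockout, lengthening the code, or binding the pairing to a per-session secret removes the attacker's ability to enumerate at all.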