Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2942 | 1 Cobham | 2 Aviator 700d, Aviator 700e | 2025-04-12 | N/A |
| Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. | ||||
| CVE-2015-7261 | 1 Qnap | 2 Iartist Lite, Signage Station | 2025-04-12 | N/A |
| The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. | ||||
| CVE-2014-9248 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
| Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. | ||||
| CVE-2014-0920 | 1 Ibm | 1 Spss Analytic Server | 2025-04-12 | N/A |
| IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-9687 | 1 Ecryptfs | 1 Ecryptfs-utils | 2025-04-12 | N/A |
| eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. | ||||
| CVE-2011-5323 | 1 Gehealthcare | 1 Centricity Pacs-iw | 2025-04-12 | N/A |
| GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2014-9152 | 1 Services Project | 1 Services | 2025-04-12 | N/A |
| The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
| CVE-2012-6693 | 1 Gehealthcare | 1 Centricity Pacs Server | 2025-04-12 | N/A |
| GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. | ||||
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2025-04-12 | N/A |
| SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-4875 | 1 Toshiba | 1 Chec | 2025-04-12 | N/A |
| CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. | ||||
| CVE-2014-9183 | 1 Zte | 1 Zxdsl | 2025-04-12 | N/A |
| ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | ||||
| CVE-2014-9736 | 1 Gehealthcare | 1 Centricity Clinical Archive Audit Trail Repository | 2025-04-12 | N/A |
| GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. | ||||
| CVE-2014-8034 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. | ||||
| CVE-2014-4864 | 1 Netgear | 1 Prosafe Firmware | 2025-04-12 | N/A |
| The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. | ||||
| CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2025-04-12 | N/A |
| SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-3419 | 1 Infoblox | 1 Netmri | 2025-04-12 | N/A |
| Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | ||||
| CVE-2014-8656 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2025-04-12 | N/A |
| The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | ||||
| CVE-2016-1984 | 1 Harman | 1 Amx Firmware | 2025-04-12 | N/A |
| The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362. | ||||
| CVE-2014-7823 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2025-04-12 | N/A |
| The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||||
| CVE-2014-2014 | 1 Imapsync Project | 1 Imapsync | 2025-04-12 | N/A |
| imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network. | ||||