Total: 219 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37503 | 1 Hcltech | 1 Hcl Compass | 2024-11-21 | 8.1 High |
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | ||||
CVE-2023-34995 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 7.5 High |
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is in line with recommended password guidelines. | ||||
CVE-2023-31098 | 1 Apache | 1 Inlong | 2024-11-21 | 9.8 Critical |
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it. | ||||
CVE-2023-29974 | 1 Pfsense | 1 Pfsense | 2024-11-21 | 9.8 Critical |
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. | ||||
CVE-2023-0641 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2024-11-21 | 3.7 Low |
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | ||||
CVE-2022-3376 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 5.3 Medium |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | ||||
CVE-2022-3179 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 8.8 High |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | ||||
CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2024-11-21 | 9.8 Critical |
RuoYi v3.8.3 has a weak password vulnerability in the management system. | ||||
CVE-2022-36301 | 1 Bosch | 1 Bf-os | 2024-11-21 | 9.8 Critical |
BF-OS versions 3.x up to and including 3.83 do not enforce strong passwords, which may allow a remote attacker to brute-force the device password. | ||||
CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2024-11-21 | 9.8 Critical |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 do not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | ||||
CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2024-11-21 | 9.8 Critical |
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | ||||
CVE-2022-34772 | 1 Tabit | 1 Tabit | 2024-11-21 | 4.3 Medium |
Tabit - password enumeration. The password for the Tabit system is a 4-digit OTP. One can resend the OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting. | ||||
CVE-2022-34615 | 1 Mealie | 1 Mealie | 2024-11-21 | 9.8 Critical |
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | ||||
CVE-2022-31211 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-11-21 | 9.8 Critical |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | ||||
CVE-2022-30325 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-11-21 | 8.8 High |
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | ||||
CVE-2022-2927 | 1 Notrinos | 1 Notrinoserp | 2024-11-21 | 9.8 Critical |
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | ||||
CVE-2022-2098 | 1 Kromit | 1 Titra | 2024-11-21 | 9.8 Critical |
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. | ||||
CVE-2022-29729 | 1 Verizon | 2 4g Lte Network Extender, 4g Lte Network Extender Firmware | 2024-11-21 | 7.5 High |
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | ||||
CVE-2022-29700 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | ||||
CVE-2022-29098 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 8.1 High |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this, leading to a user account compromise. |