Total
761 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2864 | 1 Retrospect | 2 Retrospect, Retrospect Client | 2025-04-12 | N/A |
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision. | ||||
CVE-2015-3001 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | ||||
CVE-2010-5308 | 1 Gehealthcare | 1 Optima Mr360 Firmware | 2025-04-12 | N/A |
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. | ||||
CVE-2015-3974 | 1 Easyio | 2 Easyio-30p-sf, Easyio-30p-sf Firmware | 2025-04-12 | N/A |
EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
CVE-2010-5307 | 1 Gehealthcare | 1 Optima Mr360 Firmware | 2025-04-12 | N/A |
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
CVE-2015-4966 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more | 2025-04-12 | N/A |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors. | ||||
CVE-2010-5309 | 1 Gehealthcare | 1 Cadstream Server Firmware | 2025-04-12 | N/A |
GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. | ||||
CVE-2010-5310 | 1 Gehealthcare | 1 Revolution Xq\/i | 2025-04-12 | N/A |
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
CVE-2010-5306 | 1 Gehealthcare | 3 Optima Ct520 Firmware, Optima Ct540 Firmware, Optima Ct680 Firmware | 2025-04-12 | N/A |
GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. | ||||
CVE-2014-4011 | 1 Sap | 1 Capacity Leveling | 2025-04-12 | N/A |
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
CVE-2014-3298 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | N/A |
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. | ||||
CVE-2014-3419 | 1 Infoblox | 1 Netmri | 2025-04-12 | N/A |
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | ||||
CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2025-04-12 | N/A |
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
CVE-2016-2936 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | ||||
CVE-2010-5318 | 1 Basic-cms | 1 Sweetrice | 2025-04-12 | N/A |
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter. | ||||
CVE-2014-3220 | 1 F5 | 1 Big-iq | 2025-04-12 | N/A |
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. | ||||
CVE-2014-3489 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. | ||||
CVE-2014-3925 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Sos | 2025-04-12 | N/A |
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | ||||
CVE-2014-5253 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2025-04-12 | N/A |
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. | ||||
CVE-2014-4010 | 1 Sap | 1 Transaction Data Pool | 2025-04-12 | N/A |
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |