Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0184 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. | ||||
| CVE-2016-9479 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | ||||
| CVE-2014-4009 | 1 Sap | 1 Computing Center Management System Monitoring | 2025-04-12 | N/A |
| SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-3068 | 2 Ibm, Redhat | 3 Java, Network Satellite, Rhel Extras | 2025-04-12 | N/A |
| IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. | ||||
| CVE-2014-5422 | 1 Carefusion | 1 Pyxis Supplystation | 2025-04-12 | N/A |
| CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-5423 | 1 Carefusion | 1 Pyxis Supplystation | 2025-04-12 | N/A |
| CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file. | ||||
| CVE-2015-0924 | 1 Ceragon | 3 Fiberair Ip-10c, Fiberair Ip-10e, Fiberair Ip-10g | 2025-04-12 | N/A |
| Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. | ||||
| CVE-2015-6016 | 1 Zyxel | 4 Nbg-418n, P-660hw-t1 2, Pmg5318-b20a Firmware and 1 more | 2025-04-12 | N/A |
| ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | ||||
| CVE-2015-8673 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2025-04-12 | N/A |
| Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | ||||
| CVE-2014-7823 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2025-04-12 | N/A |
| The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||||
| CVE-2012-6694 | 1 Gehealthcare | 2 Centricity Pacs Server, Centricity Pacs Workstation | 2025-04-12 | N/A |
| GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. | ||||
| CVE-2014-7845 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2016-4325 | 1 Lantronix | 1 Xprintserver Firmware | 2025-04-12 | N/A |
| Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. | ||||
| CVE-2014-7232 | 1 Gehealthcare | 2 Discovery Xr656, Discovery Xr656 G2 | 2025-04-12 | N/A |
| GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2014-7233 | 1 Gehealthcare | 1 Precision Thunis-800\+ | 2025-04-12 | N/A |
| GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. | ||||
| CVE-2014-8034 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. | ||||
| CVE-2012-6660 | 1 Gehealthcare | 1 Precision Mpi | 2025-04-12 | N/A |
| GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2007-6757 | 1 Gehealthcare | 1 Centricity Dms Firmware | 2025-04-12 | N/A |
| GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2014-6099 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | N/A |
| The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | ||||
| CVE-2007-6756 | 1 Zoll | 1 Monitor\/defibrillator | 2025-04-12 | N/A |
| ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). | ||||