Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0924 | 1 Ceragon | 3 Fiberair Ip-10c, Fiberair Ip-10e, Fiberair Ip-10g | 2025-04-12 | N/A |
| Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. | ||||
| CVE-2015-1950 | 1 Ibm | 1 Powervc | 2025-04-12 | N/A |
| IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code. | ||||
| CVE-2015-6424 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2025-04-12 | N/A |
| The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | ||||
| CVE-2014-9006 | 1 Monstra | 1 Monstra | 2025-04-12 | N/A |
| Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | ||||
| CVE-2014-8034 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. | ||||
| CVE-2014-9152 | 1 Services Project | 1 Services | 2025-04-12 | N/A |
| The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
| CVE-2014-7232 | 1 Gehealthcare | 2 Discovery Xr656, Discovery Xr656 G2 | 2025-04-12 | N/A |
| GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2014-6099 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | N/A |
| The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | ||||
| CVE-2014-0354 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2025-04-12 | N/A |
| The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request. | ||||
| CVE-2014-6098 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | N/A |
| IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | ||||
| CVE-2014-7233 | 1 Gehealthcare | 1 Precision Thunis-800\+ | 2025-04-12 | N/A |
| GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. | ||||
| CVE-2014-9183 | 1 Zte | 1 Zxdsl | 2025-04-12 | N/A |
| ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | ||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | ||||
| CVE-2014-6607 | 1 Mmonit | 1 M\/monit | 2025-04-12 | N/A |
| M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409. | ||||
| CVE-2014-7823 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2025-04-12 | N/A |
| The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||||
| CVE-2014-7845 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2014-3489 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. | ||||
| CVE-2014-8656 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2025-04-12 | N/A |
| The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | ||||
| CVE-2014-5253 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2025-04-12 | N/A |
| OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. | ||||
| CVE-2010-5306 | 1 Gehealthcare | 3 Optima Ct520 Firmware, Optima Ct540 Firmware, Optima Ct680 Firmware | 2025-04-12 | N/A |
| GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. | ||||