Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1271 | 2023-11-07 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1218. Reason: This candidate is a duplicate of CVE-2008-1218. Notes: All CVE users should reference CVE-2008-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2005-2666 | 1 Openbsd | 1 Openssh | 2023-11-07 | 1.2 LOW | N/A |
| SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | |||||
| CVE-1999-0755 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-11-07 | 5.0 MEDIUM | N/A |
| Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. | |||||
| CVE-1999-0994 | 1 Microsoft | 1 Windows Nt | 2023-11-07 | 5.0 MEDIUM | N/A |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. | |||||
| CVE-1999-0387 | 1 Microsoft | 2 Windows 95, Windows 98 | 2023-11-07 | 7.8 HIGH | N/A |
| A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. | |||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas\/pqs | 2023-10-17 | 1.7 LOW | 6.7 MEDIUM |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||||
| CVE-2016-8566 | 1 Siemens | 1 Sicam Pas\/pqs | 2023-10-17 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | |||||
| CVE-2014-2014 | 1 Imapsync Project | 1 Imapsync | 2023-06-07 | 4.3 MEDIUM | N/A |
| imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2013-7004 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2023-04-26 | 7.8 HIGH | N/A |
| D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | |||||
| CVE-2019-4381 | 1 Ibm | 1 I | 2023-03-02 | 2.1 LOW | 5.5 MEDIUM |
| IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159. | |||||
| CVE-2016-4996 | 1 Redhat | 2 Enterprise Linux Server, Satellite | 2023-02-13 | 1.9 LOW | 7.0 HIGH |
| discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | |||||
| CVE-2013-6372 | 1 Jenkins-ci | 1 Subversion-plugin | 2023-02-13 | 2.1 LOW | N/A |
| The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. | |||||
| CVE-2013-4509 | 2 Ibus Project, Opensuse | 2 Ibus, Opensuse | 2023-02-13 | 1.9 LOW | N/A |
| The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen. | |||||
| CVE-2012-6115 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-02-13 | 2.1 LOW | N/A |
| The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2012-6088 | 1 Rpm | 1 Rpm | 2023-02-13 | 4.3 MEDIUM | N/A |
| The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. | |||||
| CVE-2012-0794 | 1 Moodle | 1 Moodle | 2023-02-13 | 5.0 MEDIUM | N/A |
| The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | |||||
| CVE-2008-1676 | 2 Netscape, Redhat | 2 Certificate Management System, Certificate System | 2023-02-13 | 7.5 HIGH | N/A |
| Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. | |||||
| CVE-2011-4587 | 1 Moodle | 1 Moodle | 2023-02-13 | 6.8 MEDIUM | N/A |
| lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | |||||
| CVE-2015-1842 | 1 Redhat | 1 Openstack | 2023-02-13 | 10.0 HIGH | N/A |
| The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | |||||
| CVE-2014-3692 | 1 Redhat | 1 Cloudforms 3.1 Management Engine | 2023-02-13 | 10.0 HIGH | N/A |
| The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges. | |||||