Total
193 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7305 | 1 Riverbed | 1 Rios | 2024-08-05 | 2.1 LOW | 4.6 MEDIUM |
| Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs | |||||
| CVE-2017-7306 | 1 Riverbed | 1 Rios | 2024-08-05 | 1.9 LOW | 6.4 MEDIUM |
| Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs | |||||
| CVE-2020-11966 | 1 Evenroute | 2 Iqrouter, Iqrouter Firmware | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time” | |||||
| CVE-2024-35137 | 1 Ibm | 1 Security Access Manager | 2024-07-31 | N/A | 6.2 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413. | |||||
| CVE-2024-3735 | 2024-07-19 | N/A | N/A | ||
| A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2018-5389 | 1 Ietf | 1 Internet Key Exchange | 2024-06-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. | |||||
| CVE-2024-0347 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-05-17 | N/A | 3.7 LOW |
| A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115. | |||||
| CVE-2024-0188 | 1 Nia | 1 Rrj Nueva Ecija Engineer Online Portal | 2024-05-17 | N/A | 8.1 HIGH |
| A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability. | |||||
| CVE-2023-7053 | 1 Phpgurukul | 1 Online Notes Sharing System | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | |||||
| CVE-2023-0641 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2024-05-17 | N/A | 9.1 CRITICAL |
| A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | |||||
| CVE-2023-50305 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-03-07 | N/A | 5.1 MEDIUM |
| IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336. | |||||
| CVE-2023-38369 | 1 Ibm | 1 Security Access Manager Container | 2024-02-10 | N/A | 7.5 HIGH |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | |||||
| CVE-2020-4574 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181. | |||||
| CVE-2024-0676 | 1 Lamassu | 4 Douro, Douro Firmware, Douro Ii and 1 more | 2024-02-08 | N/A | 7.1 HIGH |
| Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack. | |||||
| CVE-2023-43016 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-07 | N/A | 7.3 HIGH |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. | |||||
| CVE-2023-0793 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 8.8 HIGH |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2023-2160 | 1 Modoboa | 1 Modoboa | 2023-12-18 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. | |||||
| CVE-2023-1753 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
| CVE-2023-0564 | 1 Froxlor | 1 Froxlor | 2023-12-18 | N/A | 7.5 HIGH |
| Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2023-41353 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | N/A | 8.8 HIGH |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service. | |||||