Total: 193 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9123 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2023-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | |||||
| CVE-2023-3089 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Arm64 and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
| A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | |||||
| CVE-2023-37756 | 1 I-doit | 1 I-doit | 2023-11-07 | N/A | 9.8 CRITICAL |
| I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack. | |||||
| CVE-2022-34333 | 1 Ibm | 1 Sterling Order Management | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | |||||
| CVE-2021-35498 | 1 Tibco | 2 Ebx, Product And Service Catalog Powered By Tibco Ebx | 2023-11-07 | 9.3 HIGH | 9.8 CRITICAL |
| The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0. | |||||
| CVE-2021-1522 | 1 Cisco | 1 Connected Mobile Experiences | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements. | |||||
| CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | |||||
| CVE-2020-15115 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | |||||
| CVE-2019-14833 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2023-11-07 | 4.9 MEDIUM | 5.4 MEDIUM |
| A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. | |||||
| CVE-2023-37503 | 1 Hcltech | 1 Hcl Compass | 2023-10-25 | N/A | 9.8 CRITICAL |
| HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | |||||
| CVE-2023-40707 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2023-08-29 | N/A | 7.5 HIGH |
| There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials. | |||||
| CVE-2023-4125 | 1 Answer | 1 Answer | 2023-08-08 | N/A | 8.8 HIGH |
| Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. | |||||
| CVE-2023-34995 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. | |||||
| CVE-2023-3423 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2023-07-06 | N/A | 8.8 HIGH |
| Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0. | |||||
| CVE-2023-34240 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2023-07-06 | N/A | 9.8 CRITICAL |
| Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-2060 | 1 Mitsubishielectric | 8 Fx5-enet/ip, Fx5-enet/ip Firmware, Rj71eip91 and 5 more | 2023-06-16 | N/A | 7.5 HIGH |
| Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access the module via FTP by dictionary attack or password sniffing. | |||||
| CVE-2019-19093 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 6.4 MEDIUM | 6.5 MEDIUM |
| eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | |||||
| CVE-2022-34772 | 1 Tabit | 1 Tabit | 2023-03-28 | N/A | 8.8 HIGH |
| Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting. | |||||
| CVE-2021-36689 | 1 Samourai-wallet-android Project | 1 Samourai-wallet-android | 2023-03-10 | N/A | 5.5 MEDIUM |
| An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. | |||||
| CVE-2022-26117 | 1 Fortinet | 1 Fortinac | 2023-02-16 | N/A | 8.8 HIGH |
| An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. | |||||
