Total
193 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32513 | 1 Schneider-electric | 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more | 2023-02-08 | N/A | 9.8 CRITICAL |
| A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) | |||||
| CVE-2019-4067 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | |||||
| CVE-2023-0307 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-23 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
| CVE-2023-22451 | 1 Kiwitcms | 1 Kiwi Tcms | 2023-01-09 | N/A | 8.8 HIGH |
| Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can’t be too similar to other personal information, must contain at least 10 characters, can’t be a commonly used password, and can’t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. | |||||
| CVE-2019-4565 | 1 Ibm | 1 Security Key Lifecycle Manager | 2022-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | |||||
| CVE-2022-41969 | 1 Nextcloud | 1 Nextcloud Server | 2022-12-05 | N/A | 2.7 LOW |
| Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | |||||
| CVE-2019-4321 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. | |||||
| CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
| CVE-2021-43036 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. | |||||
| CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-10-31 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
| CVE-2022-3376 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-12 | N/A | 5.3 MEDIUM |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
| CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-03 | N/A | 4.3 MEDIUM |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | |||||
| CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2022-09-22 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
| CVE-2022-3179 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-15 | N/A | 8.8 HIGH |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
| CVE-2022-27558 | 1 Hcltech | 2 Domino, Hcl Inotes | 2022-09-01 | N/A | 7.5 HIGH |
| HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | |||||
| CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2022-08-31 | N/A | 9.8 CRITICAL |
| RuoYi v3.8.3 has a Weak password vulnerability in the management system. | |||||
| CVE-2022-2927 | 1 Notrinos | 1 Notrinoserp | 2022-08-23 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
| CVE-2022-34615 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 9.8 CRITICAL |
| Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | |||||
| CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2022-08-13 | N/A | 9.8 CRITICAL |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | |||||
| CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2022-08-10 | N/A | 9.8 CRITICAL |
| Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | |||||