Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-255
Total 736 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6110 3 Ibm, Linux, Microsoft 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more 2017-05-24 2.1 LOW 6.5 MEDIUM
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
CVE-2016-9750 1 Ibm 1 Qradar Security Information And Event Manager 2017-05-23 4.0 MEDIUM 6.5 MEDIUM
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.
CVE-2015-8109 1 Lenovo 1 Lenovo System Update 2017-04-28 6.9 MEDIUM 7.0 HIGH
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
CVE-2015-8282 1 Seawell Networks 1 Spectrum Sdc 2017-04-19 7.5 HIGH 9.8 CRITICAL
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2017-04-14 5.0 MEDIUM 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2017-04-14 10.0 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-2311 1 Blackbox 22 Alertwerks Servsensor Eme106a, Alertwerks Servsensor Eme108a-r2, Alertwerks Servsensor Eme109a-r2 and 19 more 2017-04-07 4.0 MEDIUM 6.5 MEDIUM
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.
CVE-2015-8626 1 Mediawiki 1 Mediawiki 2017-03-27 5.0 MEDIUM 9.8 CRITICAL
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2016-8375 1 Bd 1 Alaris 8015 Pc Unit 2017-03-16 1.9 LOW 4.9 MEDIUM
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection.
CVE-2016-9355 1 Bd 1 Alaris 8015 Pc Unit 2017-03-16 2.1 LOW 5.3 MEDIUM
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience.
CVE-2016-10103 1 Hiteksoftware 1 Automize 2017-03-15 4.3 MEDIUM 8.1 HIGH
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14.
CVE-2016-10101 1 Hiteksoftware 1 Automize 2017-03-14 4.3 MEDIUM 8.1 HIGH
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.
CVE-2016-8566 1 Siemens 1 Sicam Pas 2017-02-28 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.
CVE-2016-4670 1 Apple 2 Iphone Os, Mac Os X 2017-02-21 2.1 LOW 3.3 LOW
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
CVE-2016-9348 1 Moxa 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more 2017-02-17 2.1 LOW 3.3 LOW
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext.
CVE-2016-8378 1 Lynxspring 1 Jenesys Bas Bridge 2017-02-17 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials.
CVE-2016-5950 1 Ibm 1 Kenexa Lcms Premier 2017-02-09 4.0 MEDIUM 6.5 MEDIUM
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
CVE-2016-8918 1 Ibm 1 Integration Bus 2017-02-09 4.3 MEDIUM 5.9 MEDIUM
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
CVE-2016-8967 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2017-02-09 2.1 LOW 5.5 MEDIUM
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
CVE-2016-3130 1 Blackberry 1 Enterprise Service 2017-02-02 4.3 MEDIUM 8.1 HIGH
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.