Total
736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6110 | 3 Ibm, Linux, Microsoft | 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more | 2017-05-24 | 2.1 LOW | 6.5 MEDIUM |
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |||||
CVE-2016-9750 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | |||||
CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2017-04-28 | 6.9 MEDIUM | 7.0 HIGH |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | |||||
CVE-2015-8282 | 1 Seawell Networks | 1 Spectrum Sdc | 2017-04-19 | 7.5 HIGH | 9.8 CRITICAL |
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | |||||
CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 5.0 MEDIUM | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||||
CVE-2016-5066 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 10.0 HIGH | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |||||
CVE-2016-2311 | 1 Blackbox | 22 Alertwerks Servsensor Eme106a, Alertwerks Servsensor Eme108a-r2, Alertwerks Servsensor Eme109a-r2 and 19 more | 2017-04-07 | 4.0 MEDIUM | 6.5 MEDIUM |
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors. | |||||
CVE-2015-8626 | 1 Mediawiki | 1 Mediawiki | 2017-03-27 | 5.0 MEDIUM | 9.8 CRITICAL |
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2016-8375 | 1 Bd | 1 Alaris 8015 Pc Unit | 2017-03-16 | 1.9 LOW | 4.9 MEDIUM |
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. | |||||
CVE-2016-9355 | 1 Bd | 1 Alaris 8015 Pc Unit | 2017-03-16 | 2.1 LOW | 5.3 MEDIUM |
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience. | |||||
CVE-2016-10103 | 1 Hiteksoftware | 1 Automize | 2017-03-15 | 4.3 MEDIUM | 8.1 HIGH |
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | |||||
CVE-2016-10101 | 1 Hiteksoftware | 1 Automize | 2017-03-14 | 4.3 MEDIUM | 8.1 HIGH |
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager. | |||||
CVE-2016-8566 | 1 Siemens | 1 Sicam Pas | 2017-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | |||||
CVE-2016-4670 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-02-21 | 2.1 LOW | 3.3 LOW |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log. | |||||
CVE-2016-9348 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 2.1 LOW | 3.3 LOW |
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. | |||||
CVE-2016-8378 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2017-02-17 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. | |||||
CVE-2016-5950 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-02-09 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | |||||
CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2017-02-09 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||||
CVE-2016-8967 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2017-02-09 | 2.1 LOW | 5.5 MEDIUM |
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | |||||
CVE-2016-3130 | 1 Blackberry | 1 Enterprise Service | 2017-02-02 | 4.3 MEDIUM | 8.1 HIGH |
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. |