Total: 736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4074 | 1 Cisco | 1 Unified Computing System | 2016-09-23 | 5.8 MEDIUM | N/A |
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. | |||||
CVE-2012-4088 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | 4.3 MEDIUM | N/A |
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | |||||
CVE-2014-0709 | 1 Cisco | 1 Ucs Director | 2016-09-08 | 9.3 HIGH | N/A |
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. | |||||
CVE-2015-0529 | 1 Emc | 1 Powerpath Virtual Appliance | 2016-08-23 | 5.0 MEDIUM | N/A |
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | |||||
CVE-2016-5670 | 1 Crestron | 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware | 2016-08-15 | 10.0 HIGH | 9.8 CRITICAL |
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. | |||||
CVE-2015-8945 | 1 Openshift | 1 Origin | 2016-08-05 | 1.9 LOW | 5.1 MEDIUM |
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | |||||
CVE-2016-3749 | 1 Google | 1 Android | 2016-07-11 | 4.6 MEDIUM | 8.4 HIGH |
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930. | |||||
CVE-2015-8289 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2016-06-21 | 4.3 MEDIUM | 7.5 HIGH |
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | |||||
CVE-2016-4527 | 1 Abb | 1 Pcm600 | 2016-06-15 | 1.9 LOW | 3.3 LOW |
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-2331 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2016-05-31 | 10.0 HIGH | 9.8 CRITICAL |
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2013-5755 | 1 Yealink | 1 Sip-t38g | 2016-05-26 | 10.0 HIGH | N/A |
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2016-4325 | 1 Lantronix | 1 Xprintserver Firmware | 2016-05-19 | 10.0 HIGH | 9.8 CRITICAL |
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. | |||||
CVE-2014-3925 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Sos | 2016-04-06 | 5.0 MEDIUM | N/A |
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
CVE-2014-9251 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 5.0 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413. | |||||
CVE-2014-9248 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 5.0 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. | |||||
CVE-2015-7261 | 1 Qnap | 2 Iartist Lite, Signage Station | 2016-03-11 | 7.5 HIGH | 9.8 CRITICAL |
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. | |||||
CVE-2016-2230 | 1 Openelec | 1 Openelec | 2016-02-25 | 10.0 HIGH | 9.8 CRITICAL |
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | |||||
CVE-2016-0865 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2016-02-18 | 9.0 HIGH | 8.8 HIGH |
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
CVE-2015-6412 | 1 Cisco | 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software | 2016-01-25 | 10.0 HIGH | 9.8 CRITICAL |
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. | |||||
CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2016-01-21 | 2.1 LOW | 6.2 MEDIUM |
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. |