Total: 141 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36689 | 1 Samourai-wallet-android Project | 1 Samourai-wallet-android | 2023-03-10 | N/A | 5.5 MEDIUM |
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. | |||||
CVE-2023-0793 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-02-23 | N/A | 8.8 HIGH |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
CVE-2022-26117 | 1 Fortinet | 1 Fortinac | 2023-02-16 | N/A | 8.8 HIGH |
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. | |||||
CVE-2023-0641 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2023-02-08 | N/A | 9.1 CRITICAL |
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | |||||
CVE-2022-32513 | 1 Schneider-electric | 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more | 2023-02-08 | N/A | 9.8 CRITICAL |
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) | |||||
CVE-2023-0569 | 1 Publify Project | 1 Publify | 2023-02-06 | N/A | 6.5 MEDIUM |
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | |||||
CVE-2023-0564 | 1 Froxlor | 1 Froxlor | 2023-02-03 | N/A | 7.5 HIGH |
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
CVE-2019-4067 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | |||||
CVE-2023-0307 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-23 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
CVE-2023-22451 | 1 Kiwitcms | 1 Kiwi Tcms | 2023-01-09 | N/A | 8.8 HIGH |
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can’t be too similar to other personal information, must contain at least 10 characters, can’t be a commonly used password, and can’t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. | |||||
CVE-2022-44236 | 1 Zed-3 | 1 Voip Simplicity Asg | 2022-12-19 | N/A | 9.8 CRITICAL |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. | |||||
CVE-2021-39434 | 1 Zkteco | 1 Zktime | 2022-12-08 | N/A | 7.5 HIGH |
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | |||||
CVE-2019-4565 | 1 Ibm | 1 Security Key Lifecycle Manager | 2022-12-07 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | |||||
CVE-2022-41969 | 1 Nextcloud | 1 Nextcloud Server | 2022-12-05 | N/A | 2.7 LOW |
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | |||||
CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2022-12-05 | N/A | 9.8 CRITICAL |
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||||
CVE-2019-4321 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. | |||||
CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
CVE-2021-43036 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. | |||||
CVE-2020-15115 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2022-11-21 | 5.0 MEDIUM | 7.5 HIGH |
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | |||||
CVE-2022-43030 | 1 Siyucms | 1 Siyucms | 2022-11-17 | N/A | 7.2 HIGH |
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges |