Total: 141 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-10-31 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-3376 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-11 | N/A | 5.3 MEDIUM |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-03 | N/A | 4.3 MEDIUM |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | |||||
CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2022-09-22 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
CVE-2022-3179 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-15 | N/A | 8.8 HIGH |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
CVE-2022-37164 | 1 Ontrack Project | 1 Ontrack | 2022-09-14 | N/A | 9.8 CRITICAL |
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | |||||
CVE-2022-37163 | 1 Ihatetobudget Project | 1 Ihatetobudget | 2022-09-13 | N/A | 9.8 CRITICAL |
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | |||||
CVE-2022-27558 | 1 Hcltech | 2 Domino, Hcl Inotes | 2022-09-01 | N/A | 7.5 HIGH |
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | |||||
CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2022-08-31 | N/A | 9.8 CRITICAL |
RuoYi v3.8.3 has a Weak password vulnerability in the management system. | |||||
CVE-2022-34772 | 1 Tabit Technologies | 1 Tabit | 2022-08-26 | N/A | 8.8 HIGH |
Tabit - password enumeration. The password for the Tabit system is a 4-digit OTP. One can resend the OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting. | |||||
CVE-2022-35198 | 1 Contract Management System Project | 1 Contract Managment System | 2022-08-24 | N/A | 7.5 HIGH |
Contract Management System v2.0 contains a weak default password which gives attackers access to database connection information. | |||||
CVE-2022-2927 | 1 Notrinos | 1 Notrinoserp | 2022-08-23 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
CVE-2022-34615 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 9.8 CRITICAL |
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | |||||
CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2022-08-12 | N/A | 9.8 CRITICAL |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | |||||
CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2022-08-10 | N/A | 9.8 CRITICAL |
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | |||||
CVE-2022-36301 | 1 Bosch | 1 Bf-os | 2022-08-08 | N/A | 7.5 HIGH |
BF-OS versions 3.x up to and including 3.83 do not enforce strong passwords, which may allow a remote attacker to brute-force the device password. | |||||
CVE-2020-26201 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2022-08-05 | 10.0 HIGH | 9.8 CRITICAL |
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH. | |||||
CVE-2022-31211 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2022-07-24 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | |||||
CVE-2022-28377 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2022-07-20 | N/A | 7.5 HIGH |
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU). | |||||
CVE-2021-40520 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2022-07-12 | 5.0 MEDIUM | 9.8 CRITICAL |
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. |