Total
141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1668 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-05 | 10.0 HIGH | 9.8 CRITICAL |
| Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. | |||||
| CVE-2022-30325 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 3.3 LOW | 8.8 HIGH |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | |||||
| CVE-2022-2098 | 1 Kromit | 1 Titra | 2022-06-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. | |||||
| CVE-2022-29729 | 1 Verizon | 2 4g Lte Network Extender, 4g Lte Network Extender Firmware | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | |||||
| CVE-2022-29098 | 1 Dell | 1 Powerscale Onefs | 2022-06-08 | 5.0 MEDIUM | 7.5 HIGH |
| Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | |||||
| CVE-2022-1775 | 1 Trudesk Project | 1 Trudesk | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2022-29700 | 1 Zammad | 1 Zammad | 2022-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | |||||
| CVE-2022-1039 | 1 Redlion | 2 Da50n, Da50n Firmware | 2022-05-04 | 10.0 HIGH | 9.8 CRITICAL |
| The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password. | |||||
| CVE-2021-25309 | 1 Gigaset | 2 Dx600a, Dx600a Firmware | 2022-04-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. | |||||
| CVE-2022-1236 | 1 Weseek | 1 Growi | 2022-04-13 | 6.4 MEDIUM | 6.5 MEDIUM |
| Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0. | |||||
| CVE-2021-38935 | 1 Ibm | 1 Maximo Asset Management | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | |||||
| CVE-2012-2441 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2022-02-01 | 8.5 HIGH | N/A |
| RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. | |||||
| CVE-2022-22110 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort. | |||||
| CVE-2021-20470 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. | |||||
| CVE-2020-8632 | 3 Canonical, Debian, Opensuse | 3 Cloud-init, Debian Linux, Leap | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | |||||
| CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2022-01-01 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | |||||
| CVE-2021-39064 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957. | |||||
| CVE-2021-41696 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2021-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. | |||||
| CVE-2021-43471 | 1 Canon | 2 Lbp223dw, Lbp223dw Firmware | 2021-12-07 | 7.8 HIGH | 7.5 HIGH |
| In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. | |||||
| CVE-2021-40333 | 1 Hitachienergy | 4 Fox615, Fox615 Firmware, Xcm20 and 1 more | 2021-12-07 | 5.5 MEDIUM | 7.1 HIGH |
| Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | |||||