Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4286 | 2025-05-05 | 3.3 LOW | 2.7 LOW | ||
| A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. | |||||
| CVE-2015-8009 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | |||||
| CVE-2013-3734 | 1 Redhat | 1 Jboss Application Server | 2025-04-20 | 6.0 MEDIUM | 6.6 MEDIUM |
| The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console | |||||
| CVE-2016-8962 | 1 Ibm | 1 Bigfix Inventory | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||||
| CVE-2016-0872 | 1 Kabona | 1 Webdatorcentral | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. | |||||
| CVE-2016-9750 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | |||||
| CVE-2016-4996 | 1 Redhat | 2 Enterprise Linux Server, Satellite | 2025-04-20 | 1.9 LOW | 7.0 HIGH |
| discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | |||||
| CVE-2016-6815 | 1 Apache | 1 Ranger | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | |||||
| CVE-2016-3704 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | |||||
| CVE-2016-9100 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. | |||||
| CVE-2015-4684 | 1 Polycom | 1 Realpresence Resource Manager | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | |||||
| CVE-2016-10103 | 1 Hiteksoftware | 1 Automize | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14. | |||||
| CVE-2016-8967 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | |||||
| CVE-2016-9081 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. | |||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | |||||
| CVE-2016-7062 | 1 Redhat | 2 Storage Console, Storage Console Node | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. | |||||
| CVE-2016-8375 | 1 Bd | 1 Alaris 8015 Pc Unit | 2025-04-20 | 1.9 LOW | 4.9 MEDIUM |
| An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. | |||||
| CVE-2016-6093 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||||
| CVE-2014-8357 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
| backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. | |||||