Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6742 | 1 Basware | 1 Banking | 2025-04-12 | 6.5 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
| CVE-2014-4006 | 1 Sap | 1 Oil Industry Solution Traders And Schedulers Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2012-6695 | 1 Gehealthcare | 1 Centricity Pacs Workstation | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | |||||
| CVE-2014-8527 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | 3.6 LOW | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password." | |||||
| CVE-2014-3298 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | 4.0 MEDIUM | N/A |
| Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. | |||||
| CVE-2016-1341 | 1 Cisco | 1 Nx-os | 2025-04-12 | 6.9 MEDIUM | 9.8 CRITICAL |
| Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. | |||||
| CVE-2015-1455 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 7.5 HIGH | N/A |
| Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2025-04-12 | 7.5 HIGH | N/A |
| SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-9006 | 1 Monstra | 1 Monstra | 2025-04-12 | 5.0 MEDIUM | N/A |
| Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | |||||
| CVE-2014-5422 | 1 Carefusion | 1 Pyxis Supplystation | 2025-04-12 | 9.7 HIGH | N/A |
| CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-3968 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. | |||||
| CVE-2016-6531 | 1 Opendental | 1 Opendental | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction. | |||||
| CVE-2016-4325 | 1 Lantronix | 1 Xprintserver Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. | |||||
| CVE-2014-2942 | 1 Cobham | 2 Aviator 700d, Aviator 700e | 2025-04-12 | 7.2 HIGH | N/A |
| Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. | |||||
| CVE-2015-3799 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | N/A |
| The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | |||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
| CVE-2014-4009 | 1 Sap | 1 Computing Center Management System Monitoring | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-8611 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password. | |||||
| CVE-2015-7911 | 1 Saia Burgess Controls | 28 Pcd1.m0xx0, Pcd1.m0xx0 Firmware, Pcd1.m2xx0 and 25 more | 2025-04-12 | 10.0 HIGH | 9.1 CRITICAL |
| Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | |||||