Total
174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2022-12-05 | N/A | 9.8 CRITICAL |
| Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||||
| CVE-2019-4321 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. | |||||
| CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
| CVE-2021-43036 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. | |||||
| CVE-2022-43030 | 1 Siyucms | 1 Siyucms | 2022-11-17 | N/A | 7.2 HIGH |
| Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges | |||||
| CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-10-31 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
| CVE-2022-3376 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-12 | N/A | 5.3 MEDIUM |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
| CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-03 | N/A | 4.3 MEDIUM |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | |||||
| CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2022-09-22 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
| CVE-2022-3179 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-15 | N/A | 8.8 HIGH |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
| CVE-2022-27558 | 1 Hcltech | 2 Domino, Hcl Inotes | 2022-09-01 | N/A | 7.5 HIGH |
| HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | |||||
| CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2022-08-31 | N/A | 9.8 CRITICAL |
| RuoYi v3.8.3 has a Weak password vulnerability in the management system. | |||||
| CVE-2022-2927 | 1 Notrinos | 1 Notrinoserp | 2022-08-23 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
| CVE-2022-34615 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 9.8 CRITICAL |
| Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | |||||
| CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2022-08-13 | N/A | 9.8 CRITICAL |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | |||||
| CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2022-08-10 | N/A | 9.8 CRITICAL |
| Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | |||||
| CVE-2022-36301 | 1 Bosch | 1 Bf-os | 2022-08-08 | N/A | 7.5 HIGH |
| BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. | |||||
| CVE-2020-26201 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2022-08-06 | 10.0 HIGH | 9.8 CRITICAL |
| Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH. | |||||
| CVE-2022-31211 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2022-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | |||||
| CVE-2022-28377 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2022-07-21 | N/A | 7.5 HIGH |
| On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU). | |||||