Total
174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6558 | 1 Auto-maskin | 5 Dcu 210e, Dcu 210e Firmware, Marine Pro Observer and 2 more | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | |||||
| CVE-2020-6995 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2020-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2020-6991 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | |||||
| CVE-2019-9096 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. | |||||
| CVE-2020-7940 | 1 Plone | 1 Plone | 2020-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. | |||||
| CVE-2019-19747 | 1 Neuvector | 1 Neuvector | 2020-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords). | |||||
| CVE-2019-7488 | 1 Sonicwall | 1 Email Security Appliance | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | |||||
| CVE-2019-19690 | 2 Google, Trendmicro | 2 Android, Mobile Security | 2019-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | |||||
| CVE-2011-4931 | 2 Debian, Gpw Project | 2 Debian Linux, Gpw | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| gpw generates shorter passwords than required | |||||
| CVE-2019-13918 | 1 Siemens | 1 Sinema Remote Connect Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-5389 | 1 Ietf | 1 Internet Key Exchange | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. | |||||
| CVE-2018-1101 | 1 Redhat | 2 Ansible Tower, Cloudforms | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. | |||||
| CVE-2018-15719 | 1 Opendental | 1 Opendental | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. | |||||
| CVE-2018-0204 | 1 Cisco | 1 Prime Collaboration Provisioning | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by using a brute-force attack (Repeated Bad Login Attempts). A successful exploit could allow the attacker to restrict user access. Manual administrative intervention is required to restore access. Cisco Bug IDs: CSCvd07264. | |||||
| CVE-2017-3186 | 1 Acti | 1 Camera Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | |||||
| CVE-2017-1597 | 1 Ibm | 1 Security Guardium | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. | |||||
| CVE-2017-16727 | 1 Moxa | 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | |||||
| CVE-2017-1386 | 1 Ibm | 2 Api Connect, Api Management | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160. | |||||
| CVE-2017-12861 | 1 Epson | 1 Easymp | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device | |||||
| CVE-2018-19064 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. | |||||