Total
174 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2160 | 1 Modoboa | 1 Modoboa | 2023-12-18 | 9.8 Critical |
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. | ||||
CVE-2023-1753 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | 9.8 Critical |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
CVE-2023-0793 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | 8.8 High |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0564 | 1 Froxlor | 1 Froxlor | 2023-12-18 | 7.5 High |
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | ||||
CVE-2023-24049 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2023-12-08 | 9.8 Critical |
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | ||||
CVE-2023-29974 | 1 Pfsense | 1 Pfsense | 2023-11-16 | 9.8 Critical |
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. | ||||
CVE-2023-41353 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | 8.8 High |
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service. | ||||
CVE-2019-9123 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2023-11-08 | 9.8 Critical |
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | ||||
CVE-2023-3089 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Arm64 and 3 more | 2023-11-07 | 7.5 High |
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | ||||
CVE-2023-37756 | 1 I-doit | 1 I-doit | 2023-11-07 | 9.8 Critical |
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack. | ||||
CVE-2022-34333 | 1 Ibm | 1 Sterling Order Management | 2023-11-07 | 7.5 High |
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | ||||
CVE-2021-35498 | 1 Tibco | 2 Ebx, Product And Service Catalog Powered By Tibco Ebx | 2023-11-07 | 9.8 Critical |
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0. | ||||
CVE-2021-1522 | 1 Cisco | 1 Connected Mobile Experiences | 2023-11-07 | 4.3 Medium |
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements. | ||||
CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-11-07 | 6.7 Medium |
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | ||||
CVE-2020-15115 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2023-11-07 | 7.5 High |
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | ||||
CVE-2019-14833 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2023-11-07 | 5.4 Medium |
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. | ||||
CVE-2023-37503 | 1 Hcltech | 1 Hcl Compass | 2023-10-25 | 9.8 Critical |
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | ||||
CVE-2023-40707 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2023-08-29 | 7.5 High |
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials. | ||||
CVE-2023-4125 | 1 Answer | 1 Answer | 2023-08-08 | 8.8 High |
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. | ||||
CVE-2023-34995 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2023-07-13 | 9.8 Critical |
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. |