Total
728 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3271 | 1 Emc | 1 Rsa Authentication Agent | 2025-04-11 | 5.0 MEDIUM | N/A |
| EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack. | |||||
| CVE-2010-5290 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 10.0 HIGH | N/A |
| The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861. | |||||
| CVE-2011-4142 | 1 Emc | 1 Sourceone Email Management | 2025-04-11 | 2.1 LOW | N/A |
| The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2010-0599 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505. | |||||
| CVE-2010-1383 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | |||||
| CVE-2011-0885 | 1 Smc Networks | 2 Smcd3g-ccr, Smcd3g-ccr Firmware | 2025-04-11 | 10.0 HIGH | N/A |
| A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface. | |||||
| CVE-2008-7255 | 1 Amsn | 1 Amsn | 2025-04-11 | 4.6 MEDIUM | N/A |
| login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. | |||||
| CVE-2009-5066 | 1 Redhat | 2 Jboss Community Application Server, Jboss Enterprise Application Platform | 2025-04-11 | 2.1 LOW | N/A |
| twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. | |||||
| CVE-2012-5616 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2025-04-11 | 1.5 LOW | N/A |
| Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API. | |||||
| CVE-2012-2743 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | 5.0 MEDIUM | N/A |
| Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | |||||
| CVE-2011-0354 | 1 Cisco | 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software | 2025-04-11 | 10.0 HIGH | N/A |
| The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. | |||||
| CVE-2009-4945 | 1 Atutor | 1 Acollab | 2025-04-11 | 7.5 HIGH | N/A |
| AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. | |||||
| CVE-2012-1493 | 1 F5 | 25 Big-ip 1000, Big-ip 11000, Big-ip 11050 and 22 more | 2025-04-11 | 7.8 HIGH | N/A |
| F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | |||||
| CVE-2013-5636 | 1 Checkpoint | 1 Endpoint Security | 2025-04-11 | 3.3 LOW | N/A |
| Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses. | |||||
| CVE-2012-6088 | 1 Rpm | 1 Rpm | 2025-04-11 | 4.3 MEDIUM | N/A |
| The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. | |||||
| CVE-2012-3538 | 1 Redhat | 1 Cloudforms | 2025-04-11 | 3.3 LOW | N/A |
| Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. | |||||
| CVE-2011-1007 | 1 Bestpractical | 1 Rt | 2025-04-11 | 2.1 LOW | N/A |
| Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout. | |||||
| CVE-2012-2690 | 1 Libguestfs | 1 Libguestfs | 2025-04-11 | 2.1 LOW | N/A |
| virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. | |||||
| CVE-2012-2664 | 1 Redhat | 1 Sos | 2025-04-11 | 4.3 MEDIUM | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | |||||
| CVE-2011-0951 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 5.0 MEDIUM | N/A |
| The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. | |||||