Total
735 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5400 | 1 Ibm | 1 Platform Symphony | 2025-04-11 | 10.0 HIGH | N/A |
| An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors. | |||||
| CVE-2013-5535 | 1 Cisco | 3 Video Surveillance 4000 Ip Camera, Video Surveillance 4300e Ip Camera, Video Surveillance 4500e Ip Camera | 2025-04-11 | 6.4 MEDIUM | N/A |
| The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. | |||||
| CVE-2010-3684 | 1 Synology | 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more | 2025-04-11 | 2.1 LOW | N/A |
| The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. | |||||
| CVE-2012-4862 | 1 Ibm | 1 Rational Developer For System Z | 2025-04-11 | 2.1 LOW | N/A |
| The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-4873 | 1 Yahoo | 1 Tumblr | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-3038 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. | |||||
| CVE-2010-0113 | 2 Google, Symantec | 2 Android, Mobile Security | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. | |||||
| CVE-2011-1623 | 1 Cisco | 2 Media Experience Engine 5600, Media Processing Software | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737. | |||||
| CVE-2013-3471 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | 4.3 MEDIUM | N/A |
| The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. | |||||
| CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | |||||
| CVE-2008-1676 | 2 Netscape, Redhat | 2 Certificate Management System, Certificate System | 2025-04-09 | 7.5 HIGH | N/A |
| Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. | |||||
| CVE-2009-3516 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors. | |||||
| CVE-2009-0656 | 1 Asus | 1 Smartlogon | 2025-04-09 | 6.9 MEDIUM | N/A |
| Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user. | |||||
| CVE-2008-6588 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2025-04-09 | 10.0 HIGH | N/A |
| Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. | |||||
| CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2025-04-09 | 6.8 MEDIUM | N/A |
| Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | |||||
| CVE-2008-3859 | 1 Davlin | 1 Thickbox Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php. | |||||
| CVE-2008-1184 | 1 Dnssec-tools | 1 Dnssec-tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | |||||
| CVE-2008-6191 | 1 Intrinsic | 1 Swimage Encore | 2025-04-09 | 2.1 LOW | N/A |
| Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2007-4594 | 1 Entrust | 1 Entelligence Security Provider | 2025-04-09 | 6.4 MEDIUM | N/A |
| Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-0224 | 1 Sandisk | 1 Cruzer Enterprise Usb | 2025-04-09 | 4.6 MEDIUM | N/A |
| SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | |||||