Total
728 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6554 | 1 Synology | 6 Ds107, Ds107 Firmware, Ds116 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device. | |||||
| CVE-2016-6553 | 1 Nuuo | 2 Nt-4040 Titan, Nt-4040 Titan Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device. | |||||
| CVE-2016-6552 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. | |||||
| CVE-2016-6551 | 1 Intelliantech | 26 T100q, T100q Firmware, T100w and 23 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device. | |||||
| CVE-2016-6547 | 1 Nutspace | 1 Nut Mobile | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. | |||||
| CVE-2016-6546 | 1 Kkmcn | 1 Itrackeasy | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext. | |||||
| CVE-2016-6538 | 1 Thetrackr | 2 Trackr Bravo, Trackr Bravo Firmware | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
| The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | |||||
| CVE-2016-3952 | 1 Web2py | 1 Web2py | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. | |||||
| CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | |||||
| CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | |||||
| CVE-2016-10526 | 1 Grunt-gh-pages Project | 1 Grunt-gh-pages | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. | |||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | |||||
| CVE-2015-9278 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | |||||
| CVE-2015-9240 | 1 Keystonejs | 1 Keystone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. | |||||
| CVE-2015-4400 | 1 Ring | 2 Ring, Ring Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module. | |||||
| CVE-2015-1320 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-8335 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-6111 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. | |||||
| CVE-2014-5433 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | |||||
| CVE-2014-5002 | 1 Lynx Project | 1 Lynx | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. | |||||