CWE:
 

High
Topic: Infoblox 6.8.4.x Weak MySQL Password
Date: 10.07.2014
Author: Nate Kettlewell


CVEMAP Search Results

CVE
Details
Description
2019-11-06
Medium
CVE-2019-14833

Vendor: Samba
Software: Samba
 

 
A flaw was found in Samba, all versions starting with Samba 4.5.0 before Samba 4.9.15, Samba 4.10.10, Samba 4.11.2, in the way it handles a user password change or a new password for a Samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for Samba users, making it vulnerable to dictionary attacks.

 
2019-10-29
Medium
CVE-2011-4931

 

 
gpw generates shorter passwords than required

 
2019-09-20
Medium
CVE-2019-4565

Vendor: IBM
Software: Security key...
 

 
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

 
2019-09-13
Medium
CVE-2019-13918

Vendor: Siemens
Software: Sinema remot...
 

 
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

 
2018-12-17
Medium
CVE-2017-1597

Vendor: IBM
Software: Security gua...
 

 
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610.

 
2018-12-12
Medium
CVE-2018-15719

Vendor: Opendental
Software: Opendental
 

 
Open Dental before version 18.4 installs a MySQL database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.

 
2018-11-20
Low
CVE-2018-18562

 

 
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface.

 
2018-11-07
High
CVE-2018-19064

Vendor: Foscam
Software: C2 applicati...
 

 
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.

 
2018-09-06
Low
CVE-2018-5389

Vendor: IETF
Software: Internet key...
 

 
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.

 
2018-08-24
Medium
CVE-2017-9818

Vendor: NPCI
Software: Bharat inter...
 

 
The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.

 

 


Copyright 2019, cxsecurity.com