CWE:
 

Topic
Date
Author
High
Infoblox 6.8.4.x Weak MySQL Password
10.07.2014
Nate Kettlewell


CVEMAP Search Results

CVE
Details
Description
2021-12-06
High
CVE-2021-43471

Updating...
 

 
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.

 
Medium
CVE-2021-43036

Vendor: Kaseya
Software: Unitrends backup
 

 
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.

 
2021-12-03
Medium
CVE-2021-20470

Vendor: IBM
Software: Cognos analytics
 

 
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

 
2021-12-02
Medium
CVE-2021-40333

Updating...
 

 
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

 
2021-10-30
Medium
CVE-2021-36808

Vendor: Sophos
Software: Sophos secur...
 

 
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.

 
2021-10-19
Medium
CVE-2021-38462

Updating...
 

 
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.

 
2021-10-13
High
CVE-2021-35498

Vendor: Tibco
Software: EBX
 

 
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.

 
2021-09-30
Medium
CVE-2021-41296

Vendor: ECOA
Software: Riskterminator
 

 
ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

 
2021-08-11
Medium
CVE-2021-20418

Updating...
 

 
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.

 
2021-08-04
Low
CVE-2021-1522

Vendor: Cisco
Software: Connected mo...
 

 
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top