Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3650 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.
CVE-2012-6693 1 Gehealthcare 1 Centricity Pacs Server 2025-04-12 N/A
GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.
CVE-2012-6694 1 Gehealthcare 2 Centricity Pacs Server, Centricity Pacs Workstation 2025-04-12 N/A
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
CVE-2012-6695 1 Gehealthcare 1 Centricity Pacs Workstation 2025-04-12 N/A
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2015-0005 1 Microsoft 3 Windows 2003 Server, Windows Server 2008, Windows Server 2012 2025-04-12 N/A
The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."
CVE-2013-6372 2 Jenkins-ci, Redhat 2 Subversion-plugin, Openshift 2025-04-12 N/A
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
CVE-2013-7382 1 Vicidial 1 Vicidial 2025-04-12 N/A
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
CVE-2014-0085 1 Redhat 3 Jboss A-mq, Jboss Amq, Jboss Fuse 2025-04-12 N/A
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
CVE-2014-0347 1 Websense 5 Triton Unified Security Center, Triton Web Filter, Triton Web Security and 2 more 2025-04-12 N/A
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
CVE-2014-0354 1 Zyxel 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware 2025-04-12 N/A
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.
CVE-2014-2224 1 Plogger 1 Plogger 2025-04-12 N/A
Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions.
CVE-2014-3665 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
CVE-2015-8338 1 Xen 1 Xen 2025-04-12 N/A
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
CVE-2014-2942 1 Cobham 2 Aviator 700d, Aviator 700e 2025-04-12 N/A
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.
CVE-2014-3068 2 Ibm, Redhat 3 Java, Network Satellite, Rhel Extras 2025-04-12 N/A
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
CVE-2014-3220 1 F5 1 Big-iq 2025-04-12 N/A
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
CVE-2016-5145 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
CVE-2016-0137 1 Microsoft 1 Office 2025-04-12 N/A
The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."
CVE-2015-8803 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
CVE-2015-8804 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.