Export limit exceeded: 16384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2279 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4577 | 1 Korenix | 1 Jetport | 2025-04-11 | N/A |
| The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. | ||||
| CVE-2012-4574 | 2 Cloudforms Tools, Redhat | 3 1, Cloudforms, Rhui | 2025-04-11 | N/A |
| Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. | ||||
| CVE-2012-3720 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account. | ||||
| CVE-2012-3538 | 2 Cloudforms Tools, Redhat | 2 1, Cloudforms | 2025-04-11 | N/A |
| Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. | ||||
| CVE-2012-2743 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | ||||
| CVE-2012-2742 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. | ||||
| CVE-2012-2690 | 2 Libguestfs, Redhat | 2 Libguestfs, Enterprise Linux | 2025-04-11 | N/A |
| virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. | ||||
| CVE-2012-2664 | 1 Redhat | 2 Enterprise Linux, Sos | 2025-04-11 | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | ||||
| CVE-2012-0814 | 1 Openbsd | 1 Openssh | 2025-04-11 | N/A |
| The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. | ||||
| CVE-2012-0813 | 1 David Paleino | 1 Wicd | 2025-04-11 | N/A |
| Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information. | ||||
| CVE-2012-0794 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | ||||
| CVE-2012-0034 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more | 2025-04-11 | N/A |
| The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. | ||||
| CVE-2009-5078 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2025-04-11 | N/A |
| contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | ||||
| CVE-2011-4730 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | N/A |
| The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files. | ||||
| CVE-2011-4678 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | N/A |
| The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests. | ||||
| CVE-2011-4587 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | ||||
| CVE-2011-4555 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | N/A |
| One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address. | ||||
| CVE-2011-4515 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | N/A |
| Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. | ||||
| CVE-2011-2555 | 1 Cisco | 1 Telepresence Recording Server Software | 2025-04-11 | N/A |
| Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182. | ||||
| CVE-2011-1835 | 2 Ecryptfs, Redhat | 3 Ecryptfs-utils, Ecryptfs Utils, Enterprise Linux | 2025-04-11 | N/A |
| The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. | ||||