Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7674 | 1 Mobotix | 2 S14, S14 Firmware | 2024-11-21 | N/A |
| An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. | ||||
| CVE-2019-7488 | 1 Sonicwall | 1 Email Security Appliance | 2024-11-21 | 9.8 Critical |
| Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | ||||
| CVE-2019-6558 | 1 Auto-maskin | 5 Dcu 210e, Dcu 210e Firmware, Marine Pro Observer and 2 more | 2024-11-21 | 7.5 High |
| In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | ||||
| CVE-2019-4698 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-11-21 | 7.5 High |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. | ||||
| CVE-2019-4576 | 2 Ibm, Linux | 2 Qradar Network Packet Capture, Linux Kernel | 2024-11-21 | 9.8 Critical |
| IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803. | ||||
| CVE-2019-4565 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 7.5 High |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | ||||
| CVE-2019-4321 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 7.5 High |
| IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. | ||||
| CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2024-11-21 | 7.5 High |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | ||||
| CVE-2019-4067 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 7.5 High |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | ||||
| CVE-2019-3758 | 1 Rsa | 1 Archer | 2024-11-21 | 9.8 Critical |
| RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | ||||
| CVE-2019-19747 | 1 Neuvector | 1 Neuvector | 2024-11-21 | 9.8 Critical |
| NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords). | ||||
| CVE-2019-19690 | 2 Google, Trendmicro | 2 Android, Mobile Security | 2024-11-21 | 9.8 Critical |
| Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | ||||
| CVE-2019-19093 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 Medium |
| eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | ||||
| CVE-2019-18872 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | ||||
| CVE-2019-18828 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2024-11-21 | 6.8 Medium |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. | ||||
| CVE-2019-17444 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 9.8 Critical |
| Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. | ||||
| CVE-2019-14833 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2024-11-21 | 5.4 Medium |
| A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. | ||||
| CVE-2019-13918 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2018-6312 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2024-11-21 | 7.2 High |
| A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used. | ||||
| CVE-2018-5389 | 1 Ietf | 1 Internet Key Exchange | 2024-11-21 | N/A |
| The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. | ||||