Total
772 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2743 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | ||||
| CVE-2013-6034 | 6 Gatehouse, Harris, Hughes Network Systems and 3 more | 9 Gatehouse, Bgan, 9201 and 6 more | 2025-04-11 | N/A |
| The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors. | ||||
| CVE-2011-4515 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | N/A |
| Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. | ||||
| CVE-2012-2742 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. | ||||
| CVE-2012-2690 | 2 Libguestfs, Redhat | 2 Libguestfs, Enterprise Linux | 2025-04-11 | N/A |
| virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. | ||||
| CVE-2012-2664 | 1 Redhat | 2 Enterprise Linux, Sos | 2025-04-11 | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | ||||
| CVE-2012-2630 | 1 Bandainamcogames | 1 Madomagi-ip Android | 2025-04-11 | N/A |
| The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2012-4879 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2025-04-11 | N/A |
| The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | ||||
| CVE-2012-2299 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | N/A |
| The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. | ||||
| CVE-2012-2284 | 2 Emc, Microsoft | 2 Networker Module For Microsoft Applications, Exchange Server | 2025-04-11 | N/A |
| The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | ||||
| CVE-2012-2173 | 1 Ibm | 1 Security Appscan Source | 2025-04-11 | N/A |
| The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-2054 | 1 Redmine | 1 Redmine | 2025-04-11 | N/A |
| Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327. | ||||
| CVE-2010-2387 | 1 Gnome | 1 Gnome Display Manager | 2025-04-11 | N/A |
| vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | ||||
| CVE-2012-4952 | 1 Dentrix | 1 G5 | 2025-04-11 | N/A |
| Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation. | ||||
| CVE-2012-2980 | 5 Att, Htc, Samsung and 2 more | 9 Status, Chacha, Desire and 6 more | 2025-04-11 | N/A |
| The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. | ||||
| CVE-2012-1288 | 1 Utc | 1 Utc Fire \& Security Ge-mc100-ntp\/gps-zb Master Clock Device | 2025-04-11 | N/A |
| The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. | ||||
| CVE-2011-5204 | 1 Akiva | 1 Webboard | 2025-04-11 | N/A |
| Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. | ||||
| CVE-2011-3434 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2012-3428 | 2 Jboss, Redhat | 2 Ironjacamar, Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt. | ||||
| CVE-2011-4739 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. | ||||