Total
768 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-1815 | 1 Redhat | 4 Openstack, Openstack Essex, Openstack Folsom and 1 more | 2025-04-11 | N/A |
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. | ||||
CVE-2013-2297 | 1 Eucalyptus | 1 Eustore | 2025-04-11 | N/A |
Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069. | ||||
CVE-2013-3038 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | N/A |
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. | ||||
CVE-2013-3271 | 1 Emc | 1 Rsa Authentication Agent | 2025-04-11 | N/A |
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack. | ||||
CVE-2013-3272 | 1 Emc | 1 Replication Manager | 2025-04-11 | N/A |
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack. | ||||
CVE-2013-3279 | 1 Emc | 1 Atmos | 2025-04-11 | N/A |
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. | ||||
CVE-2013-3409 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2025-04-11 | N/A |
The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230. | ||||
CVE-2013-3454 | 1 Cisco | 11 Telepresence System 1300, Telepresence System 1300-65, Telepresence System 3000 and 8 more | 2025-04-11 | N/A |
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | ||||
CVE-2013-3455 | 1 Cisco | 1 Finesse | 2025-04-11 | N/A |
Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732. | ||||
CVE-2013-3471 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. | ||||
CVE-2013-3502 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie. | ||||
CVE-2013-3497 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2025-04-11 | N/A |
Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | ||||
CVE-2013-4031 | 1 Ibm | 30 Bladecenter, Flex System X220 Compute Node, Flex System X240 Compute Node and 27 more | 2025-04-11 | N/A |
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors. | ||||
CVE-2013-4091 | 1 Imperva | 1 Securesphere | 2025-04-11 | N/A |
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
CVE-2013-4114 | 1 Henri Wahl | 1 Nagstamon | 2025-04-11 | N/A |
The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2013-4576 | 2 Gnupg, Redhat | 2 Gnupg, Enterprise Linux | 2025-04-11 | N/A |
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. | ||||
CVE-2013-4614 | 1 Canon | 9 Mg3100 Printer, Mg5300 Printer, Mg6100 Printer and 6 more | 2025-04-11 | N/A |
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation. | ||||
CVE-2013-4622 | 1 Htc | 1 Droid Incredible | 2025-04-11 | N/A |
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | ||||
CVE-2013-4629 | 1 Huawei | 2 Vp 9610, Vp 9620 | 2025-04-11 | N/A |
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method. | ||||
CVE-2013-4873 | 1 Yahoo | 1 Tumblr | 2025-04-11 | N/A |
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. |