Total
765 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-5324 | 1 Gehealthcare | 1 Centricity Pacs-iw | 2025-04-12 | N/A |
The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
CVE-2014-7823 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2025-04-12 | N/A |
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||||
CVE-2014-8527 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password." | ||||
CVE-2014-8656 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2025-04-12 | N/A |
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | ||||
CVE-2014-9248 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. | ||||
CVE-2014-9251 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413. | ||||
CVE-2015-0529 | 1 Emc | 1 Powerpath Virtual Appliance | 2025-04-12 | N/A |
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | ||||
CVE-2015-0924 | 1 Ceragon | 3 Fiberair Ip-10c, Fiberair Ip-10e, Fiberair Ip-10g | 2025-04-12 | N/A |
Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. | ||||
CVE-2015-0995 | 1 Inductiveautomation | 1 Ignition | 2025-04-12 | N/A |
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | ||||
CVE-2015-1950 | 1 Ibm | 1 Powervc | 2025-04-12 | N/A |
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code. | ||||
CVE-2012-6660 | 1 Gehealthcare | 1 Precision Mpi | 2025-04-12 | N/A |
GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
CVE-2015-3252 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | ||||
CVE-2010-5318 | 1 Basic-cms | 1 Sweetrice | 2025-04-12 | N/A |
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter. | ||||
CVE-2010-5310 | 1 Gehealthcare | 1 Revolution Xq\/i | 2025-04-12 | N/A |
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
CVE-2012-6693 | 1 Gehealthcare | 1 Centricity Pacs Server | 2025-04-12 | N/A |
GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. | ||||
CVE-2012-6695 | 1 Gehealthcare | 1 Centricity Pacs Workstation | 2025-04-12 | N/A |
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
CVE-2015-5988 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | N/A |
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | ||||
CVE-2015-6032 | 1 Qolsys | 1 Iq Panel | 2025-04-12 | N/A |
Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation. | ||||
CVE-2014-4007 | 1 Sap | 1 Upgrade Tools | 2025-04-12 | N/A |
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
CVE-2010-5308 | 1 Gehealthcare | 1 Optima Mr360 Firmware | 2025-04-12 | N/A |
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. |