Export limit exceeded: 362833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9100 1 Broadcom 2 Advanced Secure Gateway, Symantec Proxysg 2025-04-20 N/A
Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.
CVE-2016-1265 1 Juniper 1 Junos Space 2025-04-20 N/A
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2025-04-20 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-4996 1 Redhat 3 Enterprise Linux Server, Satellite, Satellite Capsule 2025-04-20 N/A
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2025-04-20 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2014-8357 1 Dasanzhone 2 Znid 2426a, Znid 2426a Firmware 2025-04-20 N/A
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.
CVE-2016-10101 1 Hiteksoftware 1 Automize 2025-04-20 N/A
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.
CVE-2016-8962 1 Ibm 1 Bigfix Inventory 2025-04-20 N/A
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.
CVE-2016-6904 1 Netapp 1 Vasa Provider 2025-04-20 N/A
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
CVE-2016-8918 1 Ibm 1 Integration Bus 2025-04-20 N/A
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
CVE-2016-6815 1 Apache 1 Ranger 2025-04-20 N/A
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
CVE-2016-6110 3 Ibm, Linux, Microsoft 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more 2025-04-20 N/A
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
CVE-2016-6093 1 Ibm 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager 2025-04-20 N/A
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2016-5950 1 Ibm 1 Kenexa Lcms Premier 2025-04-20 N/A
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
CVE-2016-2972 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.
CVE-2015-4684 1 Polycom 1 Realpresence Resource Manager 2025-04-20 N/A
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
CVE-2016-9739 1 Ibm 1 Security Identity Manager 2025-04-20 N/A
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
CVE-2016-9750 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.
CVE-2016-5411 1 Redhat 2 Enterprise Linux, Quickstart Cloud Installer 2025-04-20 N/A
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
CVE-2016-8967 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2025-04-20 N/A
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.