Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5253 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Keystone, Openstack 2025-04-12 N/A
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
CVE-2016-9479 1 B2evolution 1 B2evolution 2025-04-12 N/A
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.
CVE-2014-5351 1 Mit 1 Kerberos 5 2025-04-12 N/A
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
CVE-2014-0105 2 Openstack, Redhat 3 Python-keystoneclient, Openstack, Storage 2025-04-12 N/A
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
CVE-2014-0645 1 Emc 4 Cloud Tiering Appliance, Cloud Tiering Appliance Software, File Management Appliance and 1 more 2025-04-12 N/A
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.
CVE-2014-5420 1 Carefusion 1 Pyxis Supplystation 2025-04-12 N/A
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors.
CVE-2014-5421 1 Carefusion 1 Pyxis Supplystation 2025-04-12 N/A
CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access.
CVE-2014-5422 1 Carefusion 1 Pyxis Supplystation 2025-04-12 N/A
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-5423 1 Carefusion 1 Pyxis Supplystation 2025-04-12 N/A
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.
CVE-2016-9209 1 Cisco 1 Firepower Services For Adaptive Security Appliance 2025-04-12 N/A
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10.
CVE-2016-8600 1 Dotcms 1 Dotcms 2025-04-12 N/A
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
CVE-2014-8034 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321.
CVE-2016-8503 1 Yandex 1 Yandex Browser 2025-04-12 N/A
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
CVE-2014-8152 1 Apache 1 Santuario Xml Security For Java 2025-04-12 N/A
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.
CVE-2014-8636 1 Mozilla 2 Firefox, Seamonkey 2025-04-12 N/A
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
CVE-2014-8656 1 Compal Broadband Networks 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware 2025-04-12 N/A
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
CVE-2014-8779 1 Pexip 1 Pexip Infinity 2025-04-12 N/A
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
CVE-2006-7253 1 Gehealthcare 1 Infinia Ii 2025-04-12 N/A
GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.
CVE-2001-1594 1 Gehealthcare 1 Entegra P\&r 2025-04-12 N/A
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2014-9687 1 Ecryptfs 1 Ecryptfs-utils 2025-04-12 N/A
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.