Total
756 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6554 | 1 Synology | 6 Ds107, Ds107 Firmware, Ds116 and 3 more | 2024-08-06 | N/A |
| Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device. | ||||
| CVE-2016-6547 | 1 Nutspace | 1 Nut Mobile | 2024-08-06 | N/A |
| The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. | ||||
| CVE-2016-6546 | 1 Kkmcn | 1 Itrackeasy | 2024-08-06 | N/A |
| The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext. | ||||
| CVE-2016-6538 | 1 Thetrackr | 2 Trackr Bravo, Trackr Bravo Firmware | 2024-08-06 | N/A |
| The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | ||||
| CVE-2016-6093 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2024-08-06 | N/A |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2016-6110 | 3 Ibm, Linux, Microsoft | 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more | 2024-08-06 | N/A |
| IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | ||||
| CVE-2016-5838 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
| WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | ||||
| CVE-2016-5950 | 1 Ibm | 1 Kenexa Lcms Premier | 2024-08-06 | N/A |
| IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | ||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas\/pqs | 2024-08-06 | 6.7 Medium |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | ||||
| CVE-2016-5890 | 1 Ibm | 1 Sterling B2b Integrator | 2024-08-06 | N/A |
| IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | ||||
| CVE-2016-5670 | 1 Crestron | 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware | 2024-08-06 | N/A |
| Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. | ||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2024-08-06 | N/A |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | ||||
| CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-08-06 | N/A |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | ||||
| CVE-2016-5066 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-08-06 | N/A |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | ||||
| CVE-2016-4996 | 1 Redhat | 3 Enterprise Linux Server, Satellite, Satellite Capsule | 2024-08-06 | N/A |
| discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | ||||
| CVE-2016-4670 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-08-06 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log. | ||||
| CVE-2016-4527 | 1 Abb | 1 Pcm600 | 2024-08-06 | N/A |
| ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-4325 | 1 Lantronix | 1 Xprintserver Firmware | 2024-08-06 | N/A |
| Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. | ||||
| CVE-2016-4028 | 1 Open-xchange | 1 Ox Guard | 2024-08-06 | N/A |
| An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker. | ||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2024-08-06 | N/A |
| SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | ||||