Total
195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45635 | 1 Megafeis | 1 Bofei Dbd\+ | 2024-08-03 | 7.5 High |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | ||||
| CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2024-08-03 | 9.8 Critical |
| Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||||
| CVE-2022-44236 | 1 Zed-3 | 1 Voip Simplicity Asg | 2024-08-03 | 9.8 Critical |
| Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. | ||||
| CVE-2022-43030 | 1 Siyucms | 1 Siyucms | 2024-08-03 | 7.2 High |
| Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges | ||||
| CVE-2022-41969 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-03 | 2.4 Low |
| Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | ||||
| CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2024-08-03 | 9.8 Critical |
| RuoYi v3.8.3 has a Weak password vulnerability in the management system. | ||||
| CVE-2022-36301 | 1 Bosch | 1 Bf-os | 2024-08-03 | 9.8 Critical |
| BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. | ||||
| CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2024-08-03 | 9.8 Critical |
| Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | ||||
| CVE-2022-34615 | 1 Mealie | 1 Mealie | 2024-08-03 | 9.8 Critical |
| Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | ||||
| CVE-2022-34333 | 1 Ibm | 1 Sterling Order Management | 2024-08-03 | 5.9 Medium |
| IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | ||||
| CVE-2022-32513 | 1 Schneider-electric | 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more | 2024-08-03 | 9.8 Critical |
| A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) | ||||
| CVE-2022-31211 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-08-03 | 9.8 Critical |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | ||||
| CVE-2022-30325 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-08-03 | 8.8 High |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | ||||
| CVE-2022-29729 | 1 Verizon | 2 4g Lte Network Extender, 4g Lte Network Extender Firmware | 2024-08-03 | 7.5 High |
| Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | ||||
| CVE-2022-29700 | 1 Zammad | 1 Zammad | 2024-08-03 | 7.5 High |
| A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | ||||
| CVE-2022-28377 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2024-08-03 | 7.5 High |
| On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU). | ||||
| CVE-2022-22110 | 1 Daybydaycrm | 1 Daybyday Crm | 2024-08-03 | 7.5 High |
| In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort. | ||||
| CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-03 | 9.8 Critical |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | ||||
| CVE-2022-3376 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 5.3 Medium |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | ||||
| CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 4.3 Medium |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | ||||