Export limit exceeded: 334660 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (774 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2664 | 1 Redhat | 2 Enterprise Linux, Sos | 2025-04-11 | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | ||||
| CVE-2012-2690 | 2 Libguestfs, Redhat | 2 Libguestfs, Enterprise Linux | 2025-04-11 | N/A |
| virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. | ||||
| CVE-2012-2742 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. | ||||
| CVE-2012-2743 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | ||||
| CVE-2012-4574 | 2 Cloudforms Tools, Redhat | 3 1, Cloudforms, Rhui | 2025-04-11 | N/A |
| Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. | ||||
| CVE-2012-4577 | 1 Korenix | 1 Jetport | 2025-04-11 | N/A |
| The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. | ||||
| CVE-2012-4588 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2025-04-11 | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames. | ||||
| CVE-2012-4610 | 1 Emc | 1 Avamar | 2025-04-11 | N/A |
| EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. | ||||
| CVE-2012-4697 | 1 Turck | 4 Bl20 Programmable Gateway, Bl20 Programmable Gateway Firmware, Bl67 Programmable Gateway and 1 more | 2025-04-11 | N/A |
| TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session. | ||||
| CVE-2012-4702 | 1 360systems | 3 Image Server 2000, Image Server Maxx, Maxx | 2025-04-11 | N/A |
| 360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session. | ||||
| CVE-2012-4733 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | ||||
| CVE-2012-4856 | 1 Ibm | 2 Power 5, Power 5 System Firmware | 2025-04-11 | N/A |
| The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-4862 | 1 Ibm | 1 Rational Developer For System Z | 2025-04-11 | N/A |
| The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-4879 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2025-04-11 | N/A |
| The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | ||||
| CVE-2012-6088 | 1 Rpm | 1 Rpm | 2025-04-11 | 6.2 Medium |
| The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. | ||||
| CVE-2012-6115 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-11 | N/A |
| The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2013-0128 | 1 Tigertext | 1 Tigertext | 2025-04-11 | N/A |
| The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to an e-mail endpoint. | ||||
| CVE-2013-0142 | 1 Qnap | 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder | 2025-04-11 | N/A |
| QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | ||||
| CVE-2013-1649 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | N/A |
| Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | ||||
| CVE-2013-1815 | 1 Redhat | 4 Openstack, Openstack Essex, Openstack Folsom and 1 more | 2025-04-11 | N/A |
| PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. | ||||