ReportizFlow
Filtered by vendor
Subscriptions
Total
757 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6694 | 1 Gehealthcare | 2 Centricity Pacs Server, Centricity Pacs Workstation | 2024-11-21 | N/A |
| GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. | ||||
| CVE-2012-6693 | 1 Gehealthcare | 1 Centricity Pacs Server | 2024-11-21 | N/A |
| GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. | ||||
| CVE-2012-6660 | 1 Gehealthcare | 1 Precision Mpi | 2024-11-21 | N/A |
| GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2012-6596 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
| Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493. | ||||
| CVE-2012-6428 | 1 Carlosgavazzi | 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware | 2024-11-21 | N/A |
| Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862. | ||||
| CVE-2012-6137 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2024-11-21 | N/A |
| rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. | ||||
| CVE-2012-6115 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
| The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2012-6088 | 1 Rpm | 1 Rpm | 2024-11-21 | 6.2 Medium |
| The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. | ||||
| CVE-2012-5616 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2024-11-21 | N/A |
| Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API. | ||||
| CVE-2012-5607 | 1 Owncloud | 1 Owncloud | 2024-11-21 | N/A |
| The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack." | ||||
| CVE-2012-5571 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2024-11-21 | N/A |
| OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. | ||||
| CVE-2012-5563 | 2 Openstack, Redhat | 2 Folsom, Openstack | 2024-11-21 | N/A |
| OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression. | ||||
| CVE-2012-4952 | 1 Dentrix | 1 G5 | 2024-11-21 | N/A |
| Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation. | ||||
| CVE-2012-4933 | 1 Novell | 1 Zenworks Asset Management | 2024-11-21 | N/A |
| The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | ||||
| CVE-2012-4879 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2024-11-21 | N/A |
| The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | ||||
| CVE-2012-4862 | 1 Ibm | 1 Rational Developer For System Z | 2024-11-21 | N/A |
| The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-4856 | 1 Ibm | 2 Power 5, Power 5 System Firmware | 2024-11-21 | N/A |
| The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-4733 | 1 Bestpractical | 1 Rt | 2024-11-21 | N/A |
| Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | ||||
| CVE-2012-4702 | 1 360systems | 3 Image Server 2000, Image Server Maxx, Maxx | 2024-11-21 | N/A |
| 360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session. | ||||
| CVE-2012-4697 | 1 Turck | 4 Bl20 Programmable Gateway, Bl20 Programmable Gateway Firmware, Bl67 Programmable Gateway and 1 more | 2024-11-21 | N/A |
| TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session. | ||||