12 matches found
EUVD-2024-47696
Malicious code in bioql PyPI...
GHSA-4RJ2-9GCX-5QHX MLflow has Weak Password Requirements
In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
CVE-2023-37398
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
CVE-2023-35907
CVE-2023-35907 affects IBM Aspera Faspex versions 5.0.0–5.0.10, where default weak password requirements can allow attacker compromise of user accounts. The cited sources also show remediation: upgrade to Faspex 5.0.11 (IBM) to address the vulnerability. No exploitation details are provided in th...
CVE-2023-35907 IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
CVE-2023-37398 IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.43
Abstract: Cross reference list for security vulnerabilities fixed in WebSphere Application Server Fix Pack 6.1.0.43. Content: VULNERABILITY DETAILS: CVE ID: CVE-2011-1376 PM49712 DESCRIPTION: IBM WebSphere Application Server, when running on IBM i operating systems, applies insecure permissions to...
Weak password vulnerability in H3C ER6300 routers
ER6300 is a high-performance full gigabit router for Internet cafes from H3C. A weak password vulnerability exists in the H3C ER6300 router, which can be exploited by an attacker to log in to the router's backend to obtain sensitive information...
Weak Password Vulnerability in Flying FishStar Next-Generation Firewall Security Gateway
Chengdu Flying Fish Star Technology Co., Ltd. is a value-added service provider that supplies enterprise, business and home users with intelligent, easy-to-use network communication management devices and innovative technologies. A weak password vulnerability exists in the security gateway of Flyingfish...
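IBM Security AppScan Enterprise Weak Cipher Security Bypass Vulnerability (CVE-2013-0531)
BUGTRAQ ID: 62179 CVE(CAN) ID: CVE-2013-0531 IBM Security AppScan Enterprise is a web-based, multi-user web application security solution that provides centralized security scanning, data consolidation and reporting, remediation capabilities, executive dashboards and other features. IBM Security AppScan Enterprise, formerly IBM Rational AppScan Enterprise, supports SSL suites that use weak encryption algorithms. An attacker who has neither local network access nor authentication can exploit this vulnerability to decrypt communications between the client and the server, or to carry out a man-in-the-middle attack against the client, thereby obtaining sensitive information and performing unauthorized actions. 0 IBM...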
MySQL 3.x/4.0.x - Weak Password Encryption
// source: https://www.securityfocus.com/bid/7500/info MySQL has been reported to implement a weak password encryption algorithm. It has been reported that the MySQL function used to encrypt MySQL passwords makes just one pass over the password and employs a weak left shift based cipher. The hash...