CWE-255
781 CVEs classified under CWE-255. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-0898 | Critical | 10.0 | 2018-03-29 | MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component l… |
| CVE-2020-3140 | Critical | 9.8 | 2020-07-16 | A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthori… |
| CVE-2020-10287 | Critical | 9.8 | 2020-07-15 | The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documente… |
| CVE-2019-7488 | Critical | 9.8 | 2019-12-23 | Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability a… |
| CVE-2018-7820 | Critical | 9.8 | 2019-09-17 | A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to b… |
| CVE-2019-13560 | Critical | 9.8 | 2019-07-11 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. |
| CVE-2017-8229 | Critical | 9.8 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420… |
| CVE-2017-6900 | Critical | 9.8 | 2019-07-03 | An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When callin… |
| CVE-2017-9385 | Critical | 9.8 | 2019-06-17 | An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows… |
| CVE-2019-7690 | Critical | 9.8 | 2019-05-13 | In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the proce… |
| CVE-2017-6047 | Critical | 9.8 | 2019-04-02 | Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication. |
| CVE-2010-5305 | Critical | 9.8 | 2019-03-26 | The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controll… |
| CVE-2014-5433 | Critical | 9.8 | 2019-03-26 | An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum I… |
| CVE-2017-17836 | Critical | 9.8 | 2019-01-23 | In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An att… |
| CVE-2015-9278 | Critical | 9.8 | 2019-01-16 | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-cha… |
| CVE-2018-15719 | Critical | 9.8 | 2018-12-12 | Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network w… |
| CVE-2018-15389 | Critical | 9.8 | 2018-10-05 | A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administr… |
| CVE-2016-6554 | Critical | 9.8 | 2018-07-13 | Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of… |
| CVE-2016-6553 | Critical | 9.8 | 2018-07-13 | Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attack… |
| CVE-2016-6552 | Critical | 9.8 | 2018-07-13 | Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. |