Total: 307 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22915 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute-force attacks because IPv6 subnets are not included in rate-limiting considerations. This could potentially allow an attacker to bypass rate-limit controls such as the Nextcloud brute-force protection. | | | | | |
CVE-2021-35472 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap | 2023-12-10 | 6.0 MEDIUM | 8.8 HIGH |
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users. | | | | | |
CVE-2021-32522 | 1 Qsan | 3 Sanos, Storage Manager, Xevo | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, and SANOS allows remote attackers to discover users' credentials and obtain access via a brute-force attack. Contact QSAN and refer to the recommendations in the QSAN document. | | | | | |
CVE-2021-22003 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical depending on the lockout policy configuration and password complexity for the target account. | | | | | |
CVE-2021-27943 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and the mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcibly pair with the device, leading to remote control of the TV settings and configuration. | | | | | |
CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute-force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | | | | | |
CVE-2021-3663 | 1 Firefly-iii | 1 Firefly Iii | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts. | | | | | |
CVE-2020-23283 | 1 Mv | 1 Mconnect | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Information disclosure in the Logon Page of MV's mConnect application v02.001.00 allows an attacker to identify valid users from the application's database via brute force. | | | | | |
CVE-2021-3412 | 1 Redhat | 2 3scale, 3scale Api Management | 2023-12-10 | 5.0 MEDIUM | 7.3 HIGH |
It was found that all versions of the 3Scale developer portal lacked brute-force protections. An attacker could use this gap to bypass login controls and access privileged information, or possibly conduct further attacks. | | | | | |
CVE-2020-6875 | 1 Zte | 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
A ZTE product is affected by an improper access control vulnerability. Because the program lacks an authentication protection mechanism, attackers could use this vulnerability to gain access rights through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | | | | | |
CVE-2020-35590 | 1 Limitloginattempts | 1 Limit Login Attempts Reloaded | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited in performing a brute-force attack, because the client IP header accepts any arbitrary string. When the header input is randomized, the login count never reaches the maximum allowed retries. | | | | | |
CVE-2020-27423 | 1 Anuko | 1 Time Tracker | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox. | | | | | |
CVE-2020-29042 | 1 Bigbluebutton | 1 Bigbluebutton | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code. | | | | | |
CVE-2021-20635 | 1 Logitech | 2 Lan-wh450n/gr, Lan-wh450n/gr Firmware | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker within wireless range of the device to recover the PIN and access the network. | | | | | |
CVE-2020-28212 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute-force attack is performed over Modbus. | | | | | |
CVE-2020-15906 | 1 Tiki | 1 Tiki | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | | | | | |
CVE-2020-28206 | 1 Bitrix24 | 1 Bitrix Framework | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. A "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group. | | | | | |
CVE-2019-18235 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Advantech Spectre RT ERT351 versions 5.1.3 and prior have insufficient login authentication parameters required for the web application, which may allow an attacker to gain full access using a brute-force password attack. | | | | | |
CVE-2021-27514 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | | | | | |
CVE-2020-5141 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force the Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 versions 5.9.1.7 and 5.9.1.13, Gen 6 versions 6.5.4.7, 6.5.1.12 and 6.0.5.3, SonicOSv 6.5.4.v, and Gen 7 version SonicOS 7.0.0.0. | | | | | |