Total
304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27188 | 1 Xn--b1agzlht | 1 Fx Aggregator Terminal Client | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | |||||
CVE-2020-35585 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. | |||||
CVE-2020-15770 | 1 Gradle | 1 Enterprise | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. | |||||
CVE-2021-25676 | 1 Siemens | 8 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M-800 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. | |||||
CVE-2020-25196 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | |||||
CVE-2020-29136 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | |||||
CVE-2020-35565 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default. | |||||
CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | |||||
CVE-2020-25827 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. | |||||
CVE-2021-25309 | 1 Gigaset | 2 Dx600a, Dx600a Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. | |||||
CVE-2020-15367 | 1 Venki | 1 Supravizio Bpm | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
CVE-2020-10876 | 2 Mica, Oklok Project | 2 Fingerprint Bluetooth Padlock Fb50, Oklok | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. | |||||
CVE-2020-15786 | 1 Siemens | 8 Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Basic Panels 2nd Generation Firmware, Simatic Hmi Comfort Panels and 5 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | |||||
CVE-2020-4193 | 1 Ibm | 1 Security Guardium | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | |||||
CVE-2020-7508 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | |||||
CVE-2020-7525 | 1 Schneider-electric | 4 Spacelynk, Spacelynk Firmware, Wiser For Knx and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | |||||
CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | |||||
CVE-2019-18917 | 1 Hp | 16 Deskjet Ink Advantage 5000 M2u86a, Deskjet Ink Advantage 5000 M2u86a Firmware, Deskjet Ink Advantage 5000 M2u89b and 13 more | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | |||||
CVE-2020-11052 | 1 Sorcery Project | 1 Sorcery | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0. |