Total
304 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-18261 | 1 Omron | 3 Plc Cj Firmware, Plc Cs Firmware, Plc Nj Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. | |||||
CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | |||||
CVE-2020-7995 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. | |||||
CVE-2019-5263 | 1 Huawei | 2 Hisuite, Hwbackup | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. | |||||
CVE-2014-2875 | 1 Keplerproject | 1 Cgilua | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID. | |||||
CVE-2019-17240 | 1 Bludit | 1 Bludit | 2023-12-10 | 4.3 MEDIUM | 9.8 CRITICAL |
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | |||||
CVE-2019-17215 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device. | |||||
CVE-2019-15577 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. | |||||
CVE-2019-12941 | 1 Autopi | 4 4g/lte, 4g/lte Firmware, Wi-fi/nb and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID. | |||||
CVE-2019-18985 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | |||||
CVE-2013-4441 | 1 Pwgen Project | 1 Pwgen | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |||||
CVE-2019-5309 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. | |||||
CVE-2019-3746 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. | |||||
CVE-2013-2228 | 1 Saltstack | 1 Saltstack | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
SaltStack RSA Key Generation allows remote users to decrypt communications | |||||
CVE-2019-5217 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. | |||||
CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | |||||
CVE-2019-1126 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests, aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. | |||||
CVE-2019-4336 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | |||||
CVE-2019-14951 | 1 Telenav | 1 Scout Gps Link | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile. | |||||
CVE-2019-6524 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. |