Total: 299 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49443 | 1 Html-js | 1 Doracms | 2023-12-11 | N/A | 9.8 CRITICAL |
DoraCMS v2.1.8 was discovered to reuse the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a brute-force attack. | |||||
CVE-2023-48028 | 1 Kodcloud | 1 Kodbox | 2023-12-10 | N/A | 9.8 CRITICAL |
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. | |||||
CVE-2023-24051 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | |||||
CVE-2023-43699 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | |||||
CVE-2023-39960 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | N/A | 7.5 HIGH |
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available. | |||||
CVE-2023-37635 | 1 Uvdesk | 1 Community-skeleton | 2023-12-10 | N/A | 9.8 CRITICAL |
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | |||||
CVE-2023-3548 | 1 Johnsoncontrols | 2 Iq Wifi 6, Iq Wifi 6 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | |||||
CVE-2023-21709 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | N/A | 9.8 CRITICAL |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2015-20110 | 1 Jhipster | 1 Jhipster | 2023-12-10 | N/A | 7.5 HIGH |
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. | |||||
CVE-2023-45149 | 1 Nextcloud | 1 Talk | 2023-12-10 | N/A | 4.3 MEDIUM |
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability. | |||||
CVE-2023-42769 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2023-12-10 | N/A | 9.8 CRITICAL |
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | |||||
CVE-2023-39958 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | N/A | 5.3 MEDIUM |
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | |||||
CVE-2023-44096 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-46123 | 1 Fit2cloud | 1 Jumpserver | 2023-12-10 | N/A | 5.3 MEDIUM |
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0. | |||||
CVE-2022-24402 | 1 Midnightblue | 1 Tetra\ | 2023-12-10 | N/A | 7.5 HIGH |
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | |||||
CVE-2023-32657 | 1 Weintek | 1 Weincloud | 2023-12-10 | N/A | 7.5 HIGH |
Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses. | |||||
CVE-2023-26271 | 1 Ibm | 1 Guardium Cloud Key Manager | 2023-12-10 | N/A | 7.5 HIGH |
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. | |||||
CVE-2023-41350 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute crafted JavaScript to expose the captcha in the page, making it very easy for bots to bypass the captcha check and leaving the device more susceptible to brute force attacks. | |||||
CVE-2023-3669 | 1 Codesys | 1 Development System | 2023-12-10 | N/A | 3.3 LOW |
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. | |||||
CVE-2023-5754 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system. |