Total: 301 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-29056 | 1 Fortinet | 1 Fortimail | 2023-12-10 | N/A | 5.3 MEDIUM | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. |
CVE-2022-4797 | 1 Usememos | 1 Memos | 2023-12-10 | N/A | 4.3 MEDIUM | Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. |
CVE-2023-26208 | 1 Fortinet | 1 Fortiauthenticator | 2023-12-10 | N/A | 5.3 MEDIUM | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. |
CVE-2023-26209 | 1 Fortinet | 1 Fortideceptor | 2023-12-10 | N/A | 5.3 MEDIUM | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. |
CVE-2023-26476 | 1 Xwiki | 1 Xwiki | 2023-12-10 | N/A | 7.5 HIGH | XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`. |
CVE-2022-26964 | 1 Devolutions | 1 Remote Desktop Manager | 2023-12-10 | N/A | 7.5 HIGH | Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded. |
CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2023-12-10 | N/A | 7.5 HIGH | Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. |
CVE-2022-34389 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2023-12-10 | N/A | 5.3 MEDIUM | Dell SupportAssist contains a rate limit bypass issue in the ScreenMeet API third-party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician. |
CVE-2023-24080 | 1 Chamberlain | 1 Myq | 2023-12-10 | N/A | 9.8 CRITICAL | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a brute-force attack. |
CVE-2022-45893 | 1 Planetestream | 1 Planet Estream | 2023-12-10 | N/A | 8.8 HIGH | Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access. |
CVE-2022-38491 | 1 Easyvista | 1 Service Manager | 2023-12-10 | N/A | 7.5 HIGH | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. |
CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2023-12-10 | N/A | 7.5 HIGH | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. Users should be locked out after multiple invalid attempts. |
CVE-2022-2650 | 1 Wger | 1 Wger | 2023-12-10 | N/A | 9.8 CRITICAL | Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. |
CVE-2022-23746 | 1 Checkpoint | 1 Ssl Network Extender | 2023-12-10 | N/A | 7.5 HIGH | The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords. |
CVE-2023-24020 | 1 Snapav | 2 Wattbox Wb-300-ip-3, Wattbox Wb-300-ip-3 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. |
CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2023-12-10 | N/A | 8.8 HIGH | SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. |
CVE-2022-32515 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-12-10 | N/A | 9.8 CRITICAL | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute-force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions) |
CVE-2023-0860 | 1 Modoboa | 1 Installer | 2023-12-10 | N/A | 7.5 HIGH | Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. |
CVE-2022-30305 | 1 Fortinet | 2 Fortideceptor, Fortisandbox | 2023-12-10 | N/A | 7.5 HIGH | An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. |
CVE-2022-37772 | 1 Maarch | 1 Maarch Rm | 2023-12-10 | N/A | 7.5 HIGH | Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. |