Total: 371 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43042 | 1 Pluck-cms | 1 Pluck | 2024-09-19 | 9.8 Critical |
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | ||||
CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2024-09-19 | 8.1 High |
An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. | ||||
CVE-2023-43699 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 7.5 High |
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | ||||
CVE-2024-47088 | 1 Apexsoftcell | 1 Ld Geo | 2024-09-19 | N/A |
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts. | ||||
CVE-2024-45790 | 1 Reedos | 1 Aim-star | 2024-09-18 | 9.8 Critical |
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts. | ||||
CVE-2023-44096 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-18 | 7.5 High |
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2023-44111 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-18 | 7.5 High |
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-5682 | 1 Yordam | 1 Library Automation System | 2024-09-18 | 6.5 Medium |
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation. This issue affects Yordam Library Automation System: before 20.1. | ||||
CVE-2023-39960 | 1 Nextcloud | 1 Nextcloud Server | 2024-09-17 | 5 Medium |
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available. | ||||
CVE-2023-37832 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-09-17 | 7.5 High |
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | ||||
CVE-2022-22452 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-09-17 | 7.5 High |
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918. | ||||
CVE-2021-20427 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-17 | 7.5 High |
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. | ||||
CVE-2018-19021 | 1 Emerson | 1 Deltav | 2024-09-17 | 6.5 Medium |
A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | ||||
CVE-2017-11187 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-09-17 | N/A |
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. | ||||
CVE-2021-36285 | 1 Dell | 42 Latitude 5310 2-in-1, Latitude 5310 2-in-1 Firmware, Latitude 5320 and 39 more | 2024-09-17 | 5.7 Medium |
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack. | ||||
CVE-2019-4520 | 1 Ibm | 1 Security Directory Server | 2024-09-17 | 7.5 High |
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. | ||||
CVE-2019-4336 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-09-17 | 9.8 Critical |
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | ||||
CVE-2020-10285 | 1 Ufactory | 2 Xarm 5 Lite, Xarm 5 Lite Firmware | 2024-09-17 | 9.8 Critical |
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access. | ||||
CVE-2020-4400 | 1 Ibm | 1 Verify Gateway | 2024-09-17 | 7.5 High |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. | ||||
CVE-2021-36284 | 1 Dell | 42 Latitude 5310 2-in-1, Latitude 5310 2-in-1 Firmware, Latitude 5320 and 39 more | 2024-09-17 | 5.7 Medium |
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack. | ||||