Total
372 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-27943 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-08-03 | 7.5 High |
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations. | ||||
CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2024-08-03 | 5.4 Medium |
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | ||||
CVE-2021-27514 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-08-03 | 9.8 Critical |
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | ||||
CVE-2021-27188 | 1 Xn--b1agzlht | 1 Fx Aggregator Terminal Client | 2024-08-03 | 7.5 High |
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | ||||
CVE-2021-25676 | 1 Siemens | 8 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M-800 and 5 more | 2024-08-03 | 7.5 High |
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. | ||||
CVE-2021-25309 | 1 Gigaset | 2 Dx600a, Dx600a Firmware | 2024-08-03 | 9.8 Critical |
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. | ||||
CVE-2021-22915 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-08-03 | 9.8 Critical |
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection. | ||||
CVE-2021-22818 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-08-03 | 7.5 High |
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | ||||
CVE-2021-22737 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-08-03 | 9.8 Critical |
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. | ||||
CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-08-03 | 7.5 High |
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | ||||
CVE-2021-22003 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-08-03 | 7.5 High |
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. | ||||
CVE-2021-20635 | 1 Logitech | 2 Lan-wh450n\/gr, Lan-wh450n\/gr Firmware | 2024-08-03 | 6.5 Medium |
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | ||||
CVE-2021-3663 | 1 Firefly-iii | 1 Firefly Iii | 2024-08-03 | 7.5 High |
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | ||||
CVE-2021-3412 | 1 Redhat | 2 3scale, 3scale Api Management | 2024-08-03 | 7.3 High |
It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks. | ||||
CVE-2021-3138 | 1 Discourse | 1 Discourse | 2024-08-03 | 7.5 High |
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. | ||||
CVE-2022-45893 | 1 Planetestream | 1 Planet Estream | 2024-08-03 | 8.8 High |
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access. | ||||
CVE-2022-45790 | 1 Omron | 92 Cj1g-cpu42p, Cj1g-cpu42p Firmware, Cj1g-cpu43p and 89 more | 2024-08-03 | 8.6 High |
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. | ||||
CVE-2022-44022 | 1 Pwndoc Project | 1 Pwndoc | 2024-08-03 | 5.3 Medium |
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. | ||||
CVE-2022-44023 | 1 Pwndoc Project | 1 Pwndoc | 2024-08-03 | 5.3 Medium |
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | ||||
CVE-2022-43904 | 1 Ibm | 1 Security Guardium | 2024-08-03 | 7.5 High |
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. |