Total
392 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45790 | 1 Reedos | 1 Aim-star | 2024-09-18 | 9.8 Critical |
| This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts. | ||||
| CVE-2021-22530 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 8.2 High |
| A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1 | ||||
| CVE-2024-45589 | 1 Identityautomation | 3 Rapididentity, Rapididentity Cloud, Rapididentity Lts | 2024-09-12 | 6.5 Medium |
| RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. | ||||
| CVE-2024-45327 | 1 Fortinet | 1 Fortisoar | 2024-09-12 | 7.1 High |
| An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests. | ||||
| CVE-2024-8462 | 2024-09-05 | 3.7 Low | ||
| A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component. | ||||
| CVE-2024-42466 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-42465 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-39225 | 1 Gl-inet | 56 A1300, A1300 Firmware, Ap1300 and 53 more | 2024-08-15 | 9.8 Critical |
| GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2024-41904 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 7.5 High |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys. | ||||
| CVE-2024-41682 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | 5.3 Medium |
| A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords. | ||||
| CVE-2024-39398 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | 7.4 High |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high. | ||||
| CVE-2024-38888 | 1 Horizoncloud | 1 Caterease | 2024-08-08 | 6.8 Medium |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts. | ||||