Total
392 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2051 | 2024-11-21 | 9.8 Critical | ||
| CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. | ||||
| CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.9 Medium |
| Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | ||||
| CVE-2024-28022 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | 6.5 Medium |
| A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. | ||||
| CVE-2024-25031 | 1 Ibm | 2 Storage Defender, Storage Defender Resiliency Service | 2024-11-21 | 6.5 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. | ||||
| CVE-2024-24767 | 2024-11-21 | 9.1 Critical | ||
| CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue. | ||||
| CVE-2024-22425 | 2024-11-21 | 6.5 Medium | ||
| Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. | ||||
| CVE-2024-22317 | 1 Ibm | 1 App Connect Enterprise | 2024-11-21 | 9.1 Critical |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. | ||||
| CVE-2024-1104 | 2024-11-21 | 7.5 High | ||
| An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users. | ||||
| CVE-2023-6928 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2024-11-21 | 9.8 Critical |
| EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | ||||
| CVE-2023-6912 | 1 M-files | 1 M-files Server | 2024-11-21 | 7.5 High |
| Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | ||||
| CVE-2023-6756 | 1 Thecosy | 1 Icecms | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884. | ||||
| CVE-2023-6272 | 1 Thememylogin | 1 2fa | 2024-11-21 | 9.8 Critical |
| The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. | ||||
| CVE-2023-5754 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-11-21 | 9.1 Critical |
| Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | ||||
| CVE-2023-50326 | 1 Ibm | 1 Powersc | 2024-11-21 | 7.5 High |
| IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107. | ||||
| CVE-2023-50123 | 1 Hozard | 1 Alarm System | 2024-11-21 | 8.1 High |
| The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state. | ||||
| CVE-2023-4625 | 1 Mitsubishielectric | 126 Fx5s-30mr\/es, Fx5s-30mr\/es Firmware, Fx5s-30mt\/es and 123 more | 2024-11-21 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. | ||||
| CVE-2023-49810 | 1 Wwbn | 1 Avideo | 2024-11-21 | 7.3 High |
| A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2023-49792 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.3 Medium |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-49443 | 1 Html-js | 1 Doracms | 2024-11-21 | 9.8 Critical |
| DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. | ||||
| CVE-2023-49278 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 5.3 Medium |
| Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | ||||