Total: 372 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2019-12941 | 1 Autopi | 4 4g/lte, 4g/lte Firmware, Wi-fi/nb and 1 more | 2024-08-04 | 9.8 Critical | AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (the input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID. |
CVE-2019-5421 | 1 Plataformatec | 1 Devise | 2024-08-04 | 9.8 Critical | Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the `Devise::Models::Lockable` class, specifically in the `#increment_failed_attempts` method (file location: lib/devise/models/lockable.rb). Multiple concurrent requests can prevent an attacker from being blocked during brute-force attacks. This attack appears to be exploitable via network connectivity (brute-force attacks). This vulnerability appears to have been fixed in 4.6.0 and later. |
CVE-2019-5309 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2024-08-04 | 4.6 Medium | Honor Play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei. An attacker could view certain information after a series of operations without unlocking the screen lock. A successful exploit could cause an information disclosure condition. |
CVE-2019-5263 | 1 Huawei | 2 Hisuite, Hwbackup | 2024-08-04 | 5.5 Medium | HiSuite 9.1.0.305 and earlier, HiSuite 9.1.0.305(MAC) and earlier, and HwBackup versions earlier than 9.1.1.308 have a vulnerability that allows brute-forcing of encrypted backup data. Huawei smartphone user backup information can be obtained by brute-forcing the password used to encrypt the backup. |
CVE-2019-5217 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2024-08-04 | N/A | There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones with versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. A successful exploit could cause an information disclosure condition. |
CVE-2019-5035 | 1 Google | 2 Nest Cam Iq, Nest Cam Iq Indoor Firmware | 2024-08-04 | 9.0 Critical | An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted Weave packets can brute-force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability. |
CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2024-08-04 | 9.8 Critical | HCL AppScan Standard is vulnerable to excessive authorization attempts. |
CVE-2019-1126 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-08-04 | N/A | A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests, aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. |
CVE-2020-35590 | 1 Limitloginattempts | 1 Limit Login Attempts Reloaded | 2024-08-04 | 9.8 Critical | LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited in performing a brute-force attack, because the client IP header accepts any arbitrary string. When the header input is randomized, the login count never reaches the maximum allowed retries. |
CVE-2020-35585 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2024-08-04 | 7.5 High | In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. |
CVE-2020-35586 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2024-08-04 | 7.5 High | In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters). |
CVE-2020-35565 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-08-04 | 9.8 Critical | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login page's brute-force detection is disabled by default. |
CVE-2020-29136 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 6.5 Medium | In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). |
CVE-2020-29042 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-08-04 | 3.7 Low | An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code. |
CVE-2020-28206 | 1 Bitrix24 | 1 Bitrix Framework | 2024-08-04 | 6.5 Medium | An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. A "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group. |
CVE-2020-28212 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-08-04 | 9.8 Critical | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute-force attack is performed over Modbus. |
CVE-2020-27747 | 1 Clickstudios | 1 Passwordstate | 2024-08-04 | 6.8 Medium | An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute-force attack on this PIN code. As a result, the remote attacker retrieves all passwords from other systems available to the affected account. |
CVE-2020-27423 | 1 Anuko | 1 Time Tracker | 2024-08-04 | 7.5 High | Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a denial of service attack on any legitimate user's mailbox. |
CVE-2020-26556 | 1 Bluetooth | 2 Bluetooth Core Specification, Mesh Profile | 2024-08-04 | 7.5 High | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. |
CVE-2020-26147 | 5 Arista, Debian, Linux and 2 more | 15 C-65, C-65 Firmware, C-75 and 12 more | 2024-08-04 | 5.4 Medium | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. |