Total: 372 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-26146 | 4 Arista, Redhat, Samsung and 1 more | 39 C-100, C-100 Firmware, C-110 and 36 more | 2024-08-04 | 5.3 Medium |
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. | ||||
CVE-2020-26145 | 3 Redhat, Samsung, Siemens | 27 Enterprise Linux, Galaxy I9305, Galaxy I9305 Firmware and 24 more | 2024-08-04 | 6.5 Medium |
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. | ||||
CVE-2020-25827 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-08-04 | 7.5 High |
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. | ||||
CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2024-08-04 | 9.8 Critical |
Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | ||||
CVE-2020-23283 | 1 Mv | 1 Mconnect | 2024-08-04 | 7.5 High |
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force. | ||||
CVE-2020-21237 | 1 8cms | 1 Ljcms | 2024-08-04 | 9.8 Critical |
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | ||||
CVE-2020-21238 | 1 Chshcms | 1 Cscms | 2024-08-04 | 9.8 Critical |
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | ||||
CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2024-08-04 | 9.8 Critical |
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | ||||
CVE-2020-15906 | 1 Tiki | 1 Tiki | 2024-08-04 | 9.8 Critical |
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | ||||
CVE-2020-15786 | 1 Siemens | 8 Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Basic Panels 2nd Generation Firmware, Simatic Hmi Comfort Panels and 5 more | 2024-08-04 | 9.8 Critical |
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | ||||
CVE-2020-15770 | 1 Gradle | 1 Enterprise | 2024-08-04 | 5.5 Medium |
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. | ||||
CVE-2020-15367 | 1 Venki | 1 Supravizio Bpm | 2024-08-04 | 9.8 Critical |
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | ||||
CVE-2020-14484 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-08-04 | 9.8 Critical |
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | ||||
CVE-2020-14494 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-08-04 | 9.8 Critical |
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. | ||||
CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2024-08-04 | 8.8 High |
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | ||||
CVE-2020-13805 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-04 | 9.8 Critical |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. | ||||
CVE-2020-13835 | 1 Google | 1 Android | 2024-08-04 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | ||||
CVE-2020-13617 | 1 Mitel | 22 6863, 6863 Firmware, 6865 and 19 more | 2024-08-04 | 7.5 High |
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. | ||||
CVE-2020-13312 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 6.5 Medium |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. | ||||
CVE-2020-12752 | 1 Google | 1 Android | 2024-08-04 | 7.5 High |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020). | ||||