Total
218 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25820 | 2023-03-22 | N/A | N/A | ||
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud Enterprise Server versions 25.0.x prior to 25.0.4, 24.0.x prior to 24.0.10, 23.0.x prior to 23.0.12.5, 22.x prior to 22.2.0.10, and 21.x prior to 21.0.9.10, when an attacker gets access to an already logged in user session they can then brute force the password on the confirmation endpoint. Nextcloud Server should upgraded to 24.0.10 or 25.0.4 and Nextcloud Enterprise Server should upgraded to 21.0.9.10, 22.2.10.10, 23.0.12.5, 24.0.10, or 25.0.4 to receive a patch. No known workarounds are available. | |||||
CVE-2023-24080 | 1 Chamberlain | 1 Myq | 2023-03-21 | N/A | 9.8 CRITICAL |
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | |||||
CVE-2023-26209 | 1 Fortinet | 1 Fortideceptor | 2023-03-15 | N/A | 5.3 MEDIUM |
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | |||||
CVE-2023-26208 | 1 Fortinet | 1 Fortiauthenticator | 2023-03-15 | N/A | 5.3 MEDIUM |
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | |||||
CVE-2022-29056 | 1 Fortinet | 1 Fortimail | 2023-03-15 | N/A | 5.3 MEDIUM |
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | |||||
CVE-2023-26476 | 1 Xwiki | 1 Xwiki | 2023-03-14 | N/A | 7.5 HIGH |
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`. | |||||
CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2023-03-14 | N/A | 8.8 HIGH |
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | |||||
CVE-2021-29023 | 1 Invoiceplane | 1 Invoiceplane | 2023-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable. | |||||
CVE-2023-0860 | 1 Modoboa | 1 Installer | 2023-02-24 | N/A | 7.5 HIGH |
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | |||||
CVE-2023-25156 | 1 Kiwitcms | 1 Kiwi Tcms | 2023-02-24 | N/A | 9.8 CRITICAL |
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS. | |||||
CVE-2022-34389 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2023-02-21 | N/A | 5.3 MEDIUM |
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. | |||||
CVE-2022-32515 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-02-07 | N/A | 9.8 CRITICAL |
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
CVE-2023-24020 | 1 Snapav | 2 Wattbox Wb-300-ip-3, Wattbox Wb-300-ip-3 Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. | |||||
CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2023-02-06 | N/A | 7.5 HIGH |
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | |||||
CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2023-02-02 | 4.3 MEDIUM | 8.1 HIGH |
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | |||||
CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | |||||
CVE-2022-38491 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 7.5 HIGH |
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. | |||||
CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2023-01-26 | N/A | 7.5 HIGH |
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | |||||
CVE-2021-22737 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2023-01-19 | 5.0 MEDIUM | 9.8 CRITICAL |
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. | |||||
CVE-2022-4797 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. |