Total: 218 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-26964 | Devolutions | Remote Desktop Manager | 2023-01-05 | N/A | 7.5 HIGH | Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded. |
| CVE-2022-45893 | Planetestream | Planet eStream | 2023-01-04 | N/A | 8.8 HIGH | Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access. |
| CVE-2022-44023 | Pwndoc Project | PwnDoc | 2022-12-12 | N/A | 5.3 MEDIUM | PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. |
| CVE-2019-4068 | IBM | Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013. |
| CVE-2022-28384 | Verbatim | Keypad Secure USB 3.2 Gen 1, Keypad Secure USB 3.2 Gen 1 Firmware, Store 'n' Go Secure Portable HDD and 1 more | 2022-12-07 | 2.1 LOW | 5.5 MEDIUM | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
| CVE-2019-4520 | IBM | Security Directory Server | 2022-12-07 | 5.0 MEDIUM | 7.5 HIGH | IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. |
| CVE-2022-28386 | Verbatim | GD25LK01-3637-C, GD25LK01-3637-C Firmware, Keypad Secure USB 3.2 Gen 1 and 1 more | 2022-12-06 | 2.1 LOW | 4.6 MEDIUM | An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
| CVE-2019-4336 | IBM | Robotic Process Automation With Automation Anywhere | 2022-12-06 | 5.0 MEDIUM | 9.8 CRITICAL | IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. |
| CVE-2022-23746 | Checkpoint | SSL Network Extender | 2022-12-06 | N/A | 7.5 HIGH | The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords. |
| CVE-2022-2650 | Wger | Wger | 2022-11-30 | N/A | 9.8 CRITICAL | Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. |
| CVE-2022-37772 | Maarch | Maarch RM | 2022-11-26 | N/A | 7.5 HIGH | Maarch RM 2.8.3 contains an improper restriction of excessive authentication attempts, compounded by excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. |
| CVE-2022-4006 | WBCE | WBCE CMS | 2022-11-18 | N/A | 7.5 HIGH | A vulnerability classified as problematic has been found in WBCE CMS. Affected is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. Manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply the patch to fix this issue. The identifier of this vulnerability is VDB-213716. |
| CVE-2020-7995 | Dolibarr | Dolibarr ERP/CRM | 2022-11-17 | 10.0 HIGH | 9.8 CRITICAL | The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. |
| CVE-2022-2166 | Joinmastodon | Mastodon | 2022-11-16 | N/A | 9.8 CRITICAL | Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. |
| CVE-2022-3945 | Kavitareader | Kavita | 2022-11-16 | N/A | 5.3 MEDIUM | Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. |
| CVE-2022-36781 | ConnectWise | ConnectWise | 2022-11-09 | N/A | 5.3 MEDIUM | ConnectWise ScreenConnect session code bypass. An attacker would have to use a proxy to monitor the traffic and brute-force the session code in order to get in. Getting into a session exposes sensitive data about the company. |
| CVE-2022-27516 | Citrix | Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2022-11-09 | N/A | 9.8 CRITICAL | User login brute-force protection functionality bypass. |
| CVE-2022-3741 | Chatwoot | Chatwoot | 2022-11-01 | N/A | 9.8 CRITICAL | Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to use the response status code to separate accounts that are generated and waiting for email verification. For the sign-in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. |
| CVE-2022-44022 | Pwndoc Project | PwnDoc | 2022-11-01 | N/A | 5.3 MEDIUM | PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. |
| CVE-2020-18698 | Talelin | Lin-CMS-Flask | 2022-10-26 | 5.0 MEDIUM | 9.8 CRITICAL | Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. |
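Three defects recur in the entries above: a login response or its timing that differs for unknown, disabled and valid accounts (PwnDoc CVE-2022-44022/44023, Chatwoot, IBM IOC), no limit on failed attempts (the CWE-307 entries for wger, Mastodon, Kavita, Dolibarr, Lin-CMS-Flask), and an attempt counter keyed on the client-controlled X-Forwarded-For header, which lets a remote attacker reset it on every request (WBCE CMS, increase_attempts). The following is an added example and not code from any project listed here; it shows one login routine that closes all three. The trusted proxy address, the user records and the 5-attempts-per-15-minutes policy are constructed assumptions.

```python
"""Added example (not from any listed project): a login routine that gives the
same message and the same timing for unknown, disabled and locked accounts,
limits failed attempts, and keys the counter on a client IP that cannot be
spoofed through X-Forwarded-For. Proxy, users and policy are assumptions."""
import hashlib
import hmac
import os
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

TRUSTED_PROXIES = {"10.0.0.2"}   # assumption: the only reverse proxy in front of the app
MAX_ATTEMPTS = 5                  # assumption: lockout policy
LOCKOUT_SECONDS = 900
GENERIC_FAILURE = "Invalid username or password."
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _make_user(password: str, enabled: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "enabled": enabled}


# Constructed user store: one active account, one disabled account.
USERS = {
    "alice": _make_user("correct horse battery staple", enabled=True),
    "bob": _make_user("bobs-password", enabled=False),
}
# A salt/hash pair that no password matches. Unknown usernames are verified
# against it so the "no such user" path costs the same time as a real check.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)

# (client ip, username) -> timestamps of failures inside the lockout window
ATTEMPTS: dict = defaultdict(list)


@dataclass
class LoginResult:
    ok: bool
    message: str


def client_ip(remote_addr: str, x_forwarded_for: Optional[str] = None) -> str:
    """IP address to key the attempt counter on.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy, and
    then only its rightmost entry, which is the value that proxy appended;
    anything further left was supplied by the client. Counting attempts on the
    raw header (the WBCE CMS bug) lets an attacker reset the counter by sending
    a different header with every request.
    """
    if remote_addr in TRUSTED_PROXIES and x_forwarded_for:
        return x_forwarded_for.split(",")[-1].strip()
    return remote_addr


def _recent_failures(key, now: float) -> list:
    ATTEMPTS[key] = [t for t in ATTEMPTS[key] if now - t < LOCKOUT_SECONDS]
    return ATTEMPTS[key]


def is_locked(key, now: float) -> bool:
    return len(_recent_failures(key, now)) >= MAX_ATTEMPTS


def login(username: str, password: str, remote_addr: str,
          x_forwarded_for: Optional[str] = None, now: float = 0.0) -> LoginResult:
    """`now` is the request time in seconds, injected so the routine is testable."""
    key = (client_ip(remote_addr, x_forwarded_for), username.lower())
    record = USERS.get(username.lower())
    # Unknown, disabled and locked accounts all run the same PBKDF2 computation
    # and the same constant-time comparison, so neither the message nor the
    # timing reveals which case applied.
    salt, expected = (record["salt"], record["hash"]) if record else (_DUMMY_SALT, _DUMMY_HASH)
    password_ok = hmac.compare_digest(hash_password(password, salt), expected)
    if password_ok and record is not None and record["enabled"] and not is_locked(key, now):
        ATTEMPTS.pop(key, None)
        return LoginResult(True, "Welcome.")
    _recent_failures(key, now).append(now)
    return LoginResult(False, GENERIC_FAILURE)
```

Keying the counter on the (client IP, username) pair rather than the username alone keeps one attacker from locking every user out; a per-account cap layered on top is the usual complement where account-lockout denial of service is acceptable. Locked accounts still pay for the hash computation and receive the generic message, because a distinct "account locked" response would itself confirm that the username exists.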