Vulnerabilities (CVE)


Filtered by CWE-307 (Improper Restriction of Excessive Authentication Attempts)
Total: 218 CVEs
Columns: CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 (score, severity) | CVSS v3 (score, severity)
CVE-2020-13617 1 Mitel 22 6863, 6863 Firmware, 6865 and 19 more 2020-09-01 5.0 MEDIUM 7.5 HIGH
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
CVE-2019-17215 1 Vzug 2 Combi-stream Mslq, Combi-stream Mslq Firmware 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
CVE-2019-5309 1 Huawei 2 Honor Play, Honor Play Firmware 2020-08-24 2.1 LOW 4.6 MEDIUM
Honor Play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
CVE-2019-5263 1 Huawei 2 Hisuite, Hwbackup 2020-08-24 2.1 LOW 5.5 MEDIUM
HiSuite 9.1.0.305 and earlier and 9.1.0.305(MAC) and earlier, and HwBackup versions earlier than 9.1.1.308, have a vulnerability that allows brute forcing of encrypted backup data. Huawei smartphone user backup information can be obtained by brute forcing the password used to encrypt the backup.
CVE-2019-5217 1 Huawei 2 Mate 9 Pro, Mate 9 Pro Firmware 2020-08-24 2.1 LOW 4.6 MEDIUM
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
CVE-2019-18917 1 Hp 16 Deskjet Ink Advantage 5000 M2u86a, Deskjet Ink Advantage 5000 M2u86a Firmware, Deskjet Ink Advantage 5000 M2u89b and 13 more 2020-08-24 6.4 MEDIUM 6.5 MEDIUM
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.
CVE-2019-14951 1 Telenav 1 Scout Gps Link 2020-08-24 5.0 MEDIUM 7.5 HIGH
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
CVE-2019-14351 1 Espocrm 1 Espocrm 2020-08-24 4.0 MEDIUM 8.8 HIGH
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.
CVE-2019-14299 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
CVE-2019-13166 1 Xerox 2 Phaser 3320, Phaser 3320 Firmware 2020-08-24 5.0 MEDIUM 7.5 HIGH
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.
CVE-2019-12941 1 Autopi 4 4g/lte, 4g/lte Firmware, Wi-fi/nb and 1 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID.
CVE-2019-1126 1 Microsoft 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests, aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975.
CVE-2018-19879 1 Teltonika 2 Rut950, Rut950 Firmware 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password.
CVE-2018-19548 1 Rudrasoftech 1 Edusec 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
CVE-2019-20031 1 Nec 4 Um4730, Um4730 Firmware, Um8000 and 1 more 2020-08-03 6.4 MEDIUM 9.1 CRITICAL
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
CVE-2020-8202 1 Nextcloud 1 Preferred Providers 2020-08-03 5.0 MEDIUM 5.3 MEDIUM
Improper checking of inputs in the Nextcloud Preferred Providers app v1.6.0 allowed a denial of service attack when a very long password was used.
CVE-2020-14484 1 Openclinic Ga Project 1 Openclinic Ga 2020-07-22 5.0 MEDIUM 9.8 CRITICAL
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks.
CVE-2020-15367 1 Venki 1 Supravizio Bpm 2020-07-15 5.0 MEDIUM 9.8 CRITICAL
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.
CVE-2020-7508 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2020-06-17 5.0 MEDIUM 9.8 CRITICAL
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.
CVE-2020-13872 2 Microsoft, Royalapps 2 Windows, Royal Ts 2020-06-12 3.3 LOW 8.8 HIGH
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.