Total
218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13617 | 1 Mitel | 22 6863, 6863 Firmware, 6865 and 19 more | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. | |||||
| CVE-2019-17215 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device. | |||||
| CVE-2019-5309 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. | |||||
| CVE-2019-5263 | 1 Huawei | 2 Hisuite, Hwbackup | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. | |||||
| CVE-2019-5217 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. | |||||
| CVE-2019-18917 | 1 Hp | 16 Deskjet Ink Advantage 5000 M2u86a, Deskjet Ink Advantage 5000 M2u86a Firmware, Deskjet Ink Advantage 5000 M2u89b and 13 more | 2020-08-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | |||||
| CVE-2019-14951 | 1 Telenav | 1 Scout Gps Link | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile. | |||||
| CVE-2019-14351 | 1 Espocrm | 1 Espocrm | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters. | |||||
| CVE-2019-14299 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | |||||
| CVE-2019-13166 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | |||||
| CVE-2019-12941 | 1 Autopi | 4 4g\/lte, 4g\/lte Firmware, Wi-fi\/nb and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID. | |||||
| CVE-2019-1126 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. | |||||
| CVE-2018-19879 | 1 Teltonika | 2 Rut950, Rut950 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. | |||||
| CVE-2018-19548 | 1 Rudrasoftech | 1 Edusec | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2019-20031 | 1 Nec | 4 Um4730, Um4730 Firmware, Um8000 and 1 more | 2020-08-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. | |||||
| CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2020-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | |||||
| CVE-2020-14484 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-22 | 5.0 MEDIUM | 9.8 CRITICAL |
| OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | |||||
| CVE-2020-15367 | 1 Venki | 1 Supravizio Bpm | 2020-07-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
| CVE-2020-7508 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | |||||
| CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2020-06-12 | 3.3 LOW | 8.8 HIGH |
| Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | |||||