Total
343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28911 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2021-09-20 | 10.0 HIGH | 9.8 CRITICAL |
| BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access. | |||||
| CVE-2021-38725 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | |||||
| CVE-2021-32522 | 1 Qsan | 3 Sanos, Storage Manager, Xevo | 2021-09-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | |||||
| CVE-2021-22003 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. | |||||
| CVE-2021-20427 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. | |||||
| CVE-2021-35472 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2021-08-11 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users. | |||||
| CVE-2021-27943 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations. | |||||
| CVE-2021-3663 | 1 Firefly-iii | 1 Firefly Iii | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | |||||
| CVE-2020-23283 | 1 Mv | 1 Mconnect | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force. | |||||
| CVE-2020-27747 | 1 Clickstudios | 1 Passwordstate | 2021-07-21 | 2.1 LOW | 6.8 MEDIUM |
| An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account. | |||||
| CVE-2020-4567 | 1 Ibm | 1 Security Key Lifecycle Manager | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156. | |||||
| CVE-2020-4232 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. | |||||
| CVE-2020-13835 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | |||||
| CVE-2019-20881 | 1 Mattermost | 1 Mattermost Server | 2021-07-21 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. | |||||
| CVE-2020-12645 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | |||||
| CVE-2020-11650 | 1 Ixsystems | 4 Freenas, Freenas Firmware, Truenas and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent. | |||||
| CVE-2020-8827 | 1 Linuxfoundation | 1 Argo Continuous Delivery | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. | |||||
| CVE-2020-8790 | 1 Oklok Project | 1 Oklok | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | |||||
| CVE-2020-13312 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. | |||||
| CVE-2020-6852 | 1 Cacagoo | 2 Tv-288zd-2mp, Tv-288zd-2mp Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. | |||||