ReportizFlow
Filtered by vendor
Subscriptions
Total
389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8429 | 2024-12-17 | 4.3 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5. | ||||
| CVE-2024-38488 | 2024-12-13 | 6.5 Medium | ||
| Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner. | ||||
| CVE-2022-32757 | 1 Ibm | 1 Security Directory Suite Va | 2024-12-13 | 7.5 High |
| IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510. | ||||
| CVE-2024-46442 | 2024-12-11 | 9.8 Critical | ||
| An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack. | ||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2024-12-10 | 8.1 High |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2023-36434 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 9.8 Critical |
| Windows IIS Server Elevation of Privilege Vulnerability | ||||
| CVE-2023-43699 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-12-09 | 7.5 High |
| Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | ||||
| CVE-2024-28825 | 1 Checkmk | 1 Checkmk | 2024-12-09 | 5.9 Medium |
| Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. | ||||
| CVE-2024-21500 | 2024-12-06 | 4.8 Medium | ||
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process. | ||||
| CVE-2023-32320 | 1 Nextcloud | 1 Nextcloud Server | 2024-12-05 | 8.7 High |
| Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue. | ||||
| CVE-2023-35172 | 1 Nextcloud | 1 Nextcloud Server | 2024-12-05 | 8.7 High |
| NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-32224 | 2 D-link, Dlink | 3 Dsl-224 Firmware, Dsl-224, Dsl-224 Firmware | 2024-11-27 | 9.8 Critical |
| D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts | ||||
| CVE-2024-9928 | 1 Hitachienergy | 1 Nsd570 Firmware | 2024-11-26 | 5.3 Medium |
| A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. | ||||
| CVE-2024-5716 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A |
| Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system. Was ZDI-CAN-24164. | ||||
| CVE-2023-50444 | 1 Primx | 3 Zed\!, Zedmail, Zonecentral | 2024-11-26 | 7.5 High |
| By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. | ||||
| CVE-2024-49597 | 2024-11-26 | 7.6 High | ||
| Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | ||||
| CVE-2024-5862 | 2024-11-21 | 7.5 High | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before 1.0.14. | ||||
| CVE-2024-3461 | 2024-11-21 | 6.2 Medium | ||
| KioWare for Windows (versions all through 8.35)Â allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number. | ||||
| CVE-2024-3202 | 2024-11-21 | 3.7 Low | ||
| A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. This issue affects some unknown processing of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-259049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3102 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | 5.3 Medium |
| A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security. | ||||