Total
375 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39873 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-39874 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2024-09-05 | N/A | 8.1 HIGH |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2024-8462 | 2024-09-05 | N/A | N/A | ||
| A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component. | |||||
| CVE-2024-39917 | 1 Neutrinolabs | 1 Xrdp | 2024-09-05 | N/A | 9.8 CRITICAL |
| xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. | |||||
| CVE-2024-42466 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | |||||
| CVE-2024-42465 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | |||||
| CVE-2023-6912 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 9.8 CRITICAL |
| Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | |||||
| CVE-2024-39225 | 1 Gl-inet | 56 A1300, A1300 Firmware, Ap1300 and 53 more | 2024-08-15 | N/A | 9.8 CRITICAL |
| GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | |||||
| CVE-2024-41904 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys. | |||||
| CVE-2024-41682 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords. | |||||
| CVE-2024-39398 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | N/A | 7.4 HIGH |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high. | |||||
| CVE-2020-8827 | 1 Argoproj | 1 Argo Cd | 2024-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. | |||||
| CVE-2021-28248 | 1 Broadcom | 1 Ehealth | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2023-41270 | 1 Samsung | 2 Ue40d7000, Ue40d7000 Firmware | 2024-08-02 | N/A | 4.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. | |||||
| CVE-2023-26756 | 1 Revive | 1 Adserver | 2024-08-02 | N/A | 7.5 HIGH |
| The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features. | |||||
| CVE-2024-25031 | 1 Ibm | 1 Storage Defender | 2024-08-01 | N/A | 6.5 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. | |||||
| CVE-2023-24051 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-08-01 | N/A | 9.8 CRITICAL |
| A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | |||||
| CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2024-07-23 | N/A | 7.5 HIGH |
| Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | |||||
| CVE-2024-5862 | 2024-06-24 | N/A | 7.5 HIGH | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before 1.0.14. | |||||