Total
520 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10876 | 2 Mica, Oklok Project | 2 Fingerprint Bluetooth Padlock Fb50, Oklok | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.
|
|||||
| CVE-2020-10849 | 2 Google, Samsung | 4 Android, Exynos 7885, Exynos 8895 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020).
|
|||||
| CVE-2020-10285 | 1 Ufactory | 2 Xarm 5 Lite, Xarm 5 Lite Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
|
|||||
| CVE-2019-6524 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
|
|||||
| CVE-2019-5421 | 1 Plataformatec | 1 Devise | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed ...
Show More |
|||||
| CVE-2019-5309 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.
|
|||||
| CVE-2019-5263 | 1 Huawei | 2 Hisuite, Hwbackup | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.
|
|||||
| CVE-2019-5217 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
|
|||||
| CVE-2019-5035 | 1 Google | 2 Nest Cam Iq, Nest Cam Iq Indoor Firmware | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
|
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability.
|
|||||
| CVE-2019-4520 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.
|
|||||
| CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
HCL AppScan Standard is vulnerable to excessive authorization attempts
|
|||||
| CVE-2019-4336 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.
|
|||||
| CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.
|
|||||
| CVE-2019-4068 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.
|
|||||
| CVE-2019-3766 | 1 Dell | 1 Emc Elastic Cloud Storage | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.
|
|||||
| CVE-2019-3746 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
|
|||||
| CVE-2019-20881 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.
|
|||||
| CVE-2019-20031 | 1 Nec | 4 Um4730, Um4730 Firmware, Um8000 and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
|
|||||
| CVE-2019-1126 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This ...
Show More |
|||||
| CVE-2019-18986 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
|
|||||
| CVE-2019-18985 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
|
|||||
| CVE-2019-18917 | 1 Hp | 16 Deskjet Ink Advantage 5000 M2u86a, Deskjet Ink Advantage 5000 M2u86a Firmware, Deskjet Ink Advantage 5000 M2u89b and 13 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.
|
|||||
| CVE-2019-18261 | 1 Omron | 3 Plc Cj Firmware, Plc Cs Firmware, Plc Nj Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.
|
|||||
| CVE-2019-18235 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.
|
|||||
| CVE-2019-17525 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
|
|||||
| CVE-2019-17240 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.3 MEDIUM | 9.8 CRITICAL |
|
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
|
|||||
| CVE-2019-17215 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
|
|||||
| CVE-2019-16670 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.
|
|||||
| CVE-2019-15577 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing.
|
|||||
| CVE-2019-14951 | 1 Telenav | 1 Scout Gps Link | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
|
|||||
| CVE-2019-14351 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.
|
|||||
| CVE-2019-14299 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
|
|||||
| CVE-2019-13918 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.
|
|||||
| CVE-2019-13166 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.
|
|||||
| CVE-2019-12941 | 1 Autopi | 4 4g\/lte, 4g\/lte Firmware, Wi-fi\/nb and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID.
|
|||||
| CVE-2019-0039 | 1 Juniper | 1 Junos | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; ...
Show More |
|||||
| CVE-2018-5469 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.
|
|||||
| CVE-2018-1475 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.
|
|||||
| CVE-2018-1373 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773.
|
|||||
| CVE-2018-19879 | 1 Teltonika | 2 Rut950, Rut950 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.1 HIGH |
|
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password.
|
|||||