Total
362 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28248 | 1 Broadcom | 1 Ehealth | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | |||||
| CVE-2021-27943 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations. | |||||
| CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | N/A | 5.4 MEDIUM |
| HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | |||||
| CVE-2021-27514 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | |||||
| CVE-2021-27188 | 1 Xn--b1agzlht | 1 Fx Aggregator Terminal Client | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | |||||
| CVE-2021-25676 | 1 Siemens | 8 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M-800 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. | |||||
| CVE-2021-25309 | 1 Gigaset | 2 Dx600a, Dx600a Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. | |||||
| CVE-2021-22915 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection. | |||||
| CVE-2021-22818 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | |||||
| CVE-2021-22737 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. | |||||
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-11-21 | N/A | 7.5 HIGH |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | |||||
| CVE-2021-22003 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. | |||||
| CVE-2021-20635 | 1 Logitech | 2 Lan-wh450n\/gr, Lan-wh450n\/gr Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | |||||
| CVE-2021-20427 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. | |||||
| CVE-2021-20415 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217. | |||||
| CVE-2021-1311 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting. | |||||
| CVE-2020-8827 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. | |||||
| CVE-2020-8790 | 1 Oklok Project | 1 Oklok | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | |||||
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | |||||