Total: 362 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27747 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As a result, the remote attacker retrieves all passwords from other systems available for the affected account. | |||||
CVE-2020-27423 | 1 Anuko | 1 Time Tracker | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox. | |||||
CVE-2020-26556 | 1 Bluetooth | 2 Bluetooth Core Specification, Mesh Profile | 2024-11-21 | 2.9 LOW | 7.5 HIGH |
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. | |||||
CVE-2020-25827 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. | |||||
CVE-2020-25196 | 1 Moxa | 2 Nport Iaw5000a-i/o, Nport Iaw5000a-i/o Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | |||||
CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
CVE-2020-23283 | 1 Mv | 1 Mconnect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force. | |||||
CVE-2020-21238 | 1 Chshcms | 1 Cscms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | |||||
CVE-2020-21237 | 1 8cms | 1 Ljcms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | |||||
CVE-2020-1616 | 1 Juniper | 2 Advanced Threat Protection, Virtual Advanced Threat Protection | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. | |||||
CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | |||||
CVE-2020-15906 | 1 Tiki | 1 Tiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | |||||
CVE-2020-15786 | 1 Siemens | 8 Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Basic Panels 2nd Generation Firmware, Simatic Hmi Comfort Panels and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | |||||
CVE-2020-15770 | 1 Gradle | 1 Enterprise | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. | |||||
CVE-2020-15367 | 1 Venki | 1 Supravizio Bpm | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
CVE-2020-14494 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. | |||||
CVE-2020-14484 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | |||||
CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | |||||
CVE-2020-13835 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | |||||
CVE-2020-13805 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. |