Total
362 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47088 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | N/A | 9.8 CRITICAL |
| This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts. | |||||
| CVE-2024-32771 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-20 | N/A | 2.4 LOW |
| An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later | |||||
| CVE-2024-45523 | 2024-09-20 | N/A | 9.1 CRITICAL | ||
| An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP. | |||||
| CVE-2024-5682 | 2024-09-20 | N/A | 6.5 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1. | |||||
| CVE-2024-43042 | 1 Pluck-cms | 1 Pluck | 2024-09-19 | N/A | 9.8 CRITICAL |
| Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | |||||
| CVE-2024-45790 | 1 Reedos | 1 Aim-star | 2024-09-18 | N/A | 9.8 CRITICAL |
| This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts. | |||||
| CVE-2022-36781 | 1 Connectwise | 1 Screenconnect | 2024-09-16 | N/A | 5.3 MEDIUM |
| ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks. | |||||
| CVE-2021-22530 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 9.9 CRITICAL |
| A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1 | |||||
| CVE-2024-45589 | 1 Identityautomation | 1 Rapididentity | 2024-09-12 | N/A | 5.9 MEDIUM |
| RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. | |||||
| CVE-2024-45327 | 2024-09-11 | N/A | 7.5 HIGH | ||
| An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests. | |||||
| CVE-2024-39874 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-39873 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2024-09-05 | N/A | 8.1 HIGH |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2024-8462 | 2024-09-05 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component. | |||||
| CVE-2024-39917 | 1 Neutrinolabs | 1 Xrdp | 2024-09-05 | N/A | 9.8 CRITICAL |
| xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. | |||||
| CVE-2024-22425 | 2024-08-29 | N/A | 6.5 MEDIUM | ||
| Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. | |||||
| CVE-2024-42466 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | |||||
| CVE-2024-42465 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | |||||
| CVE-2023-6912 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 9.8 CRITICAL |
| Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | |||||
| CVE-2024-39225 | 1 Gl-inet | 56 A1300, A1300 Firmware, Ap1300 and 53 more | 2024-08-15 | N/A | 9.8 CRITICAL |
| GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | |||||