Total
362 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3945 | 1 Kavitareader | 1 Kavita | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. | |||||
| CVE-2022-3741 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | N/A | 9.8 CRITICAL |
| Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | |||||
| CVE-2022-39314 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A | 3.7 LOW |
| Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. | |||||
| CVE-2022-38491 | 1 Easyvista | 1 Service Manager | 2024-11-21 | N/A | 8.2 HIGH |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. | |||||
| CVE-2022-37772 | 1 Maarch | 1 Maarch Rm | 2024-11-21 | N/A | 7.5 HIGH |
| Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | |||||
| CVE-2022-37145 | 1 Plextrac | 1 Plextrac | 2024-11-21 | N/A | 7.5 HIGH |
| The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider. | |||||
| CVE-2022-37144 | 1 Plextrac | 1 Plextrac | 2024-11-21 | N/A | 8.8 HIGH |
| The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user. | |||||
| CVE-2022-36781 | 1 Connectwise | 1 Screenconnect | 2024-11-21 | N/A | 5.3 MEDIUM |
| ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks. | |||||
| CVE-2022-36413 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A | 9.1 CRITICAL |
| Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. | |||||
| CVE-2022-35932 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations. | |||||
| CVE-2022-35925 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | N/A | 5.3 MEDIUM |
| BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually. | |||||
| CVE-2022-35846 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 8.1 HIGH |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. | |||||
| CVE-2022-35490 | 1 Zammad | 1 Zammad | 2024-11-21 | N/A | 9.8 CRITICAL |
| Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place. | |||||
| CVE-2022-34389 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | N/A | 3.7 LOW |
| Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. | |||||
| CVE-2022-33735 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. | |||||
| CVE-2022-33106 | 1 Wijungle | 2 U250, U250 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. | |||||
| CVE-2022-32757 | 1 Ibm | 1 Security Directory Suite Va | 2024-11-21 | N/A | 7.5 HIGH |
| IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510. | |||||
| CVE-2022-32515 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2024-11-21 | N/A | 8.6 HIGH |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
| CVE-2022-31273 | 1 17ido | 1 Topidp3000 Topsec Operating System | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. | |||||
| CVE-2022-31234 | 1 Dell | 10 Emc Powerstore 1200t, Emc Powerstore 1200t Firmware, Emc Powerstore 3200t and 7 more | 2024-11-21 | N/A | 8.1 HIGH |
| Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. | |||||