Vulnerabilities (CVE)

Filtered by CWE-799
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-51557 1 63moons 2 Aero, Wave 2.0 2024-11-08 N/A 6.5 MEDIUM
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.
CVE-2024-47654 1 Shilpisoft 1 Client Dashboard 2024-10-16 N/A 7.5 HIGH
This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints, which could lead to the OTP bombing on the targeted system.
CVE-2024-48942 1 Syracom 1 Secure Login 2024-10-11 N/A 5.9 MEDIUM
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid.
CVE-2024-9199 1 Clibomanager 1 Clibo Manager 2024-10-02 N/A 7.5 HIGH
Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS).
CVE-2024-45788 1 Reedos 1 Aim-star 2024-09-18 N/A 7.5 HIGH
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.
CVE-2024-6890 1 Journyx 1 Journyx 2024-08-08 N/A 8.8 HIGH
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.
CVE-2024-35246 2024-06-21 N/A 7.5 HIGH
An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
CVE-2024-32943 2024-06-21 N/A 7.5 HIGH
An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
CVE-2024-0094 2024-06-17 N/A 5.5 MEDIUM
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service.
CVE-2023-51544 2024-06-04 N/A 5.3 MEDIUM
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0.
CVE-2023-40332 2024-06-04 N/A 5.3 MEDIUM
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.
CVE-2023-40673 2024-06-04 N/A 6.5 MEDIUM
: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.
CVE-2023-35621 1 Microsoft 1 Dynamics 365 2024-05-29 N/A 7.5 HIGH
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
CVE-2024-24873 2024-05-17 N/A 5.3 MEDIUM
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71.
CVE-2024-34695 2024-05-14 N/A 6.3 MEDIUM
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1.
CVE-2023-27279 1 Ibm 1 Aspera Faspex 2024-04-29 N/A 6.5 MEDIUM
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
CVE-2023-38068 1 Jetbrains 1 Youtrack 2024-02-28 N/A 7.3 HIGH
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
CVE-2021-41177 1 Nextcloud 1 Nextcloud Server 2024-02-28 5.5 MEDIUM 8.1 HIGH
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.
CVE-2021-37191 1 Siemens 1 Sinema Remote Connect Server 2024-02-28 3.3 LOW 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.
CVE-2021-37910 1 Asus 10 Gt-axe11000, Gt-axe11000 Firmware, Rt-ax3000 and 7 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.