Vulnerabilities (CVE)

Filtered by CWE-307
Total 471 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35925 1 Joinbookwyrm 1 Bookwyrm 2024-11-21 N/A 5.3 MEDIUM
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.
CVE-2022-35846 1 Fortinet 1 Fortitester 2024-11-21 N/A 8.1 HIGH
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.
CVE-2022-35490 1 Zammad 1 Zammad 2024-11-21 N/A 9.8 CRITICAL
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.
CVE-2022-34389 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 N/A 3.7 LOW
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.
CVE-2022-32757 1 Ibm 1 Security Directory Suite Va 2024-11-21 N/A 7.5 HIGH
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.
CVE-2022-32515 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2024-11-21 N/A 8.6 HIGH
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)
CVE-2022-31273 1 17ido 1 Topidp3000 Topsec Operating System 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.
CVE-2022-31234 1 Dell 10 Emc Powerstore 1200t, Emc Powerstore 1200t Firmware, Emc Powerstore 3200t and 7 more 2024-11-21 N/A 8.1 HIGH
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.
CVE-2022-31228 1 Dell 3 Xtremio Management Server, Xtremio X1, Xtremio X2 2024-11-21 N/A 8.1 HIGH
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.
CVE-2022-31118 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 6.5 MEDIUM
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.
CVE-2022-30305 1 Fortinet 2 Fortideceptor, Fortisandbox 2024-11-21 N/A 3.7 LOW
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
CVE-2022-30235 1 Schneider-electric 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more 2024-11-21 5.0 MEDIUM 8.6 HIGH
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
CVE-2022-2822 1 Octoprint 1 Octoprint 2024-11-21 N/A 7.5 HIGH
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
CVE-2022-2650 1 Wger 1 Wger 2024-11-21 N/A 9.8 CRITICAL
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
CVE-2022-2321 1 Heroiclabs 1 Nakama 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks.
CVE-2022-2166 1 Joinmastodon 1 Mastodon 2024-11-21 N/A 9.8 CRITICAL
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.
CVE-2022-29084 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2024-11-21 10.0 HIGH 8.1 HIGH
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
CVE-2022-29056 1 Fortinet 1 Fortimail 2024-11-21 N/A 3.7 LOW
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
CVE-2022-28386 1 Verbatim 4 Gd25lk01-3637-c, Gd25lk01-3637-c Firmware, Keypad Secure Usb 3.2 Gen 1 and 1 more 2024-11-21 2.1 LOW 4.6 MEDIUM
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
CVE-2022-28384 1 Verbatim 4 Keypad Secure Usb 3.2 Gen 1, Keypad Secure Usb 3.2 Gen 1 Firmware, Store \'n\' Go Secure Portable Hdd and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.