Total: 406 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-5469 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication attempts vulnerability in the web interface has been identified, which may allow an attacker to brute-force authentication.
CVE-2018-1475 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.
CVE-2018-1373 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773.
CVE-2018-19879 | 1 Teltonika | 2 Rut950, Rut950 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.1 HIGH | An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts against the application. An anonymous attacker can make unlimited login attempts with an automated tool, which could lead to cracking a targeted user's password.
CVE-2018-19548 | 1 Rudrasoftech | 1 Edusec | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
CVE-2018-19021 | 1 Emerson | 1 Deltav | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM | A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.
CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI.
CVE-2018-15759 | 1 Pivotal Software | 2 Broker Api, On Demand Services Sdk | 2024-11-21 | 5.0 MEDIUM | 9.1 CRITICAL | Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24, contains an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH | A flaw was found in Keycloak 4.2.1.Final and 4.3.0.Final. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
CVE-2018-12993 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.
CVE-2018-12649 | 1 Misp | 1 Misp | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.
CVE-2018-11082 | 1 Pivotal Software | 2 Cloudfoundry Uaa, Cloudfoundry Uaa Release | 2024-11-21 | 5.0 MEDIUM | 6.6 MEDIUM | Cloud Foundry UAA, all versions prior to 4.20.0, and Cloud Foundry UAA Release, all versions prior to 61.0, allow brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to log in as the targeted user.
CVE-2017-16900 | 1 Hunesion | 1 I-onenet | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows a local user to access other users' information without authorization via brute force.
CVE-2015-20110 | 1 Jhipster | 1 Jhipster | 2024-11-21 | N/A | 7.5 HIGH | JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This drastically reduces the search space to a linear number of guesses: the token length times the number of possible characters.
CVE-2014-2875 | 1 Keplerproject | 1 Cgilua | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.
CVE-2013-4441 | 1 Pwgen Project | 1 Pwgen | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.
CVE-2013-2257 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Cryptocat before 2.0.42 has a Group Chat ECC Private Key Generation Brute Force Weakness.
CVE-2013-2228 | 1 Saltstack | 1 Saltstack | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH | SaltStack RSA Key Generation allows remote users to decrypt communications.
CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests that trigger the password hash to be overwritten.
CVE-2013-10004 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM | A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 addresses this issue. It is recommended to upgrade the affected component.