Total
406 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42480 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 5.3 MEDIUM |
| The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability. | |||||
| CVE-2023-41350 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. | |||||
| CVE-2023-41270 | 1 Samsung | 2 Ue40d7000, Ue40d7000 Firmware | 2024-11-21 | N/A | 3.5 LOW |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. | |||||
| CVE-2023-40834 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A | 9.8 CRITICAL |
| OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter. | |||||
| CVE-2023-40706 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2024-11-21 | N/A | 8.6 HIGH |
| There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login. | |||||
| CVE-2023-3669 | 1 Codesys | 1 Development System | 2024-11-21 | N/A | 3.3 LOW |
| A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. | |||||
| CVE-2023-3605 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467. | |||||
| CVE-2023-3548 | 1 Johnsoncontrols | 2 Iq Wifi 6, Iq Wifi 6 Firmware | 2024-11-21 | N/A | 8.3 HIGH |
| An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | |||||
| CVE-2023-3173 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | |||||
| CVE-2023-39960 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.0 MEDIUM |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available. | |||||
| CVE-2023-39958 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.8 MEDIUM |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-38273 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | N/A | 7.5 HIGH |
| IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. | |||||
| CVE-2023-37832 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | |||||
| CVE-2023-37635 | 1 Uvdesk | 1 Community-skeleton | 2024-11-21 | N/A | 9.8 CRITICAL |
| UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | |||||
| CVE-2023-36917 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A | 5.9 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim’s account. | |||||
| CVE-2023-36434 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows IIS Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-35697 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. | |||||
| CVE-2023-35172 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 8.7 HIGH |
| NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-35039 | 1 Bedevious | 1 Password Reset With Code For Wordpress Rest Api | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. | |||||
| CVE-2023-34243 | 1 Tgstation13 | 1 Tgstation-server | 2024-11-21 | N/A | 5.8 MEDIUM |
| TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban. | |||||