Total
474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5862 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before 1.0.14. | |||||
| CVE-2024-3102 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | N/A | 5.3 MEDIUM |
| A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security. | |||||
| CVE-2024-39917 | 1 Neutrinolabs | 1 Xrdp | 2024-11-21 | N/A | 7.2 HIGH |
| xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. | |||||
| CVE-2024-39874 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-39873 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2024-11-21 | N/A | 8.1 HIGH |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2024-35747 | 1 Contact Form Builder Project | 1 Contact Form Builder | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. | |||||
| CVE-2024-32720 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56. | |||||
| CVE-2024-32676 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0. | |||||
| CVE-2024-2051 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. | |||||
| CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | |||||
| CVE-2024-25031 | 1 Ibm | 1 Storage Defender | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. | |||||
| CVE-2024-22317 | 1 Ibm | 1 App Connect Enterprise | 2024-11-21 | N/A | 9.1 CRITICAL |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. | |||||
| CVE-2023-6928 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | |||||
| CVE-2023-6912 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 7.5 HIGH |
| Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | |||||
| CVE-2023-6756 | 1 Thecosy | 1 Icecms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884. | |||||
| CVE-2023-6272 | 1 Thememylogin | 1 2fa | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. | |||||
| CVE-2023-5754 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | |||||
| CVE-2023-50444 | 1 Primx | 3 Zed\!, Zedmail, Zonecentral | 2024-11-21 | N/A | 7.5 HIGH |
| By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. | |||||
| CVE-2023-50326 | 1 Ibm | 1 Powersc | 2024-11-21 | N/A | 7.5 HIGH |
| IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107. | |||||