Total
406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27152 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 9.8 Critical |
| DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | ||||
| CVE-2023-26756 | 1 Revive | 1 Adserver | 2024-11-21 | 7.5 High |
| The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features. | ||||
| CVE-2023-26271 | 1 Ibm | 1 Guardium Cloud Key Manager | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. | ||||
| CVE-2023-26209 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-26208 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-24051 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-11-21 | 9.8 Critical |
| A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | ||||
| CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2024-11-21 | 7.5 High |
| Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | ||||
| CVE-2022-4797 | 1 Usememos | 1 Memos | 2024-11-21 | 4.3 Medium |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4006 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 3.7 Low |
| A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716. | ||||
| CVE-2022-45893 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 8.8 High |
| Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access. | ||||
| CVE-2022-45790 | 1 Omron | 92 Cj1g-cpu42p, Cj1g-cpu42p Firmware, Cj1g-cpu43p and 89 more | 2024-11-21 | 8.6 High |
| The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. | ||||
| CVE-2022-44023 | 1 Pwndoc Project | 1 Pwndoc | 2024-11-21 | 5.3 Medium |
| PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | ||||
| CVE-2022-44022 | 1 Pwndoc Project | 1 Pwndoc | 2024-11-21 | 5.3 Medium |
| PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. | ||||
| CVE-2022-43947 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.7 Medium |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions. | ||||
| CVE-2022-43904 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.5 High |
| IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. | ||||
| CVE-2022-42478 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 8.1 High |
| An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. | ||||
| CVE-2022-40055 | 1 Gxgroup | 2 Gpon Ont Titanium 2122a, Gpon Ont Titanium 2122a Firmware | 2024-11-21 | 9.8 Critical |
| An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | ||||
| CVE-2022-3993 | 1 Kavitareader | 1 Kavita | 2024-11-21 | 9.4 Critical |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. | ||||
| CVE-2022-3945 | 1 Kavitareader | 1 Kavita | 2024-11-21 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. | ||||
| CVE-2022-3741 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 9.8 Critical |
| Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | ||||