Total
344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40055 | 1 Gxgroup | 2 Gpon Ont Titanium 2122a, Gpon Ont Titanium 2122a Firmware | 2022-10-20 | 9.8 Critical |
| An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | ||||
| CVE-2022-33106 | 1 Wijungle | 2 U250, U250 Firmware | 2022-10-14 | 9.8 Critical |
| WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. | ||||
| CVE-2022-31228 | 1 Dell | 3 Xtremio Management Server, Xtremio X1, Xtremio X2 | 2022-10-14 | 9.8 Critical |
| Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. | ||||
| CVE-2017-11187 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-10-03 | N/A |
| phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. | ||||
| CVE-2020-15770 | 1 Gradle | 1 Enterprise | 2022-09-30 | 5.5 Medium |
| An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. | ||||
| CVE-2022-33735 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2022-09-22 | 6.5 Medium |
| There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. | ||||
| CVE-2022-37145 | 1 Plextrac | 1 Plextrac | 2022-09-13 | 7.5 High |
| The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider. | ||||
| CVE-2022-37144 | 1 Plextrac | 1 Plextrac | 2022-09-13 | 8.8 High |
| The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user. | ||||
| CVE-2022-2822 | 1 Octoprint | 1 Octoprint | 2022-08-16 | 7.5 High |
| An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts. | ||||
| CVE-2022-2457 | 1 Redhat | 1 Process Automation Manager | 2022-08-16 | 9.8 Critical |
| A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts. | ||||
| CVE-2022-35932 | 1 Nextcloud | 1 Talk | 2022-08-15 | 5.3 Medium |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations. | ||||
| CVE-2022-35490 | 1 Zammad | 1 Zammad | 2022-08-12 | 9.8 Critical |
| Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place. | ||||
| CVE-2022-31118 | 1 Nextcloud | 1 Nextcloud Server | 2022-08-10 | 5.3 Medium |
| Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`. | ||||
| CVE-2022-31234 | 1 Dell | 10 Emc Powerstore 1200t, Emc Powerstore 1200t Firmware, Emc Powerstore 3200t and 7 more | 2022-07-30 | 9.8 Critical |
| Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. | ||||
| CVE-2022-24689 | 1 Dsk | 1 Dsknet | 2022-07-28 | 5.3 Medium |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages (including personal data) without being authenticated. The collected information includes the badge numbers that operate as user login names. They have a PIN code. The PIN code is 4 digits and thus can be guessed in 10000 brute force attempts. | ||||
| CVE-2022-22452 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2022-07-20 | 7.5 High |
| IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918. | ||||
| CVE-2022-2321 | 1 Heroiclabs | 1 Nakama | 2022-07-14 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks. | ||||
| CVE-2021-20415 | 1 Ibm | 1 Guardium Data Encryption | 2022-07-12 | 7.5 High |
| IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217. | ||||
| CVE-2018-19021 | 1 Emerson | 1 Deltav | 2022-07-12 | 6.5 Medium |
| A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | ||||
| CVE-2022-22496 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Server, Linux Kernel and 1 more | 2022-07-08 | 6.5 Medium |
| While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. | ||||