Total
344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5035 | 1 Google | 2 Nest Cam Iq, Nest Cam Iq Indoor Firmware | 2022-06-27 | 9.0 Critical |
| An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability. | ||||
| CVE-2022-31273 | 1 17ido | 1 Topidp3000 Topsec Operating System | 2022-06-23 | 9.8 Critical |
| An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. | ||||
| CVE-2022-24044 | 1 Siemens | 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more | 2022-06-14 | 7.5 High |
| A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account. | ||||
| CVE-2022-29084 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2022-06-13 | 9.8 Critical |
| Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. | ||||
| CVE-2022-30235 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2022-06-13 | 9.8 Critical |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | ||||
| CVE-2013-10004 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2022-06-08 | 9.8 Critical |
| A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2021-3412 | 1 Redhat | 2 3scale, 3scale Api Management | 2022-06-03 | 7.3 High |
| It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks. | ||||
| CVE-2022-26519 | 1 Carrier | 2 Hills Comnav, Hills Comnav Firmware | 2022-04-29 | 5.5 Medium |
| There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. | ||||
| CVE-2020-26556 | 1 Bluetooth | 2 Bluetooth Core Specification, Mesh Profile | 2022-04-29 | 7.5 High |
| Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. | ||||
| CVE-2020-29136 | 1 Cpanel | 1 Cpanel | 2022-04-26 | 6.5 Medium |
| In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | ||||
| CVE-2021-25309 | 1 Gigaset | 2 Dx600a, Dx600a Firmware | 2022-04-26 | 9.8 Critical |
| The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. | ||||
| CVE-2022-22561 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 9.8 Critical |
| Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | ||||
| CVE-2021-43958 | 1 Atlassian | 2 Crucible, Fisheye | 2022-03-22 | 9.8 Critical |
| Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability. | ||||
| CVE-2021-29987 | 2 Linux, Mozilla | 3 Linux Kernel, Firefox, Thunderbird | 2022-03-16 | 6.5 Medium |
| After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. | ||||
| CVE-2022-25820 | 1 Google | 1 Android | 2022-03-16 | 4.6 Medium |
| A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | ||||
| CVE-2022-26314 | 1 Mendix | 1 Forgot Password | 2022-03-11 | 9.8 Critical |
| A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations. | ||||
| CVE-2022-22810 | 1 Schneider-electric | 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more | 2022-02-16 | 9.8 Critical |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | ||||
| CVE-2021-20635 | 1 Logitech | 2 Lan-wh450n\/gr, Lan-wh450n\/gr Firmware | 2022-02-10 | 6.5 Medium |
| Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | ||||
| CVE-2021-22818 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2022-02-03 | 7.5 High |
| A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | ||||
| CVE-2021-43298 | 1 Embedthis | 1 Goahead | 2022-02-01 | 9.8 Critical |
| The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response. | ||||