CWE:
 

Tytuł
Data
Autor
Med.
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass
24.09.2024
SivertPL
Low
M2B GSM Wireless Alarm System Brute Force Issue
28.11.2016
Gerhard Klostermeier
Low
innovaphone IP222 11r2 sr9 Brute Force
26.03.2016
Sven Freund


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-10-09
Waiting for details
CVE-2024-7292

Updating...
 

 
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.

 
2024-10-04
Waiting for details
CVE-2024-47656

Updating...
 

 
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to gain unauthorized access to other user accounts.

 
2024-09-19
Waiting for details
CVE-2024-47088

Updating...
 

 
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts.

 
2024-09-18
Waiting for details
CVE-2024-5682

Updating...
 

 
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1.

 
2024-09-11
Waiting for details
CVE-2024-45327

Updating...
 

 
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.

 
Waiting for details
CVE-2024-45790

Updating...
 

 
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts.

 
2024-09-06
Waiting for details
CVE-2024-32771

Updating...
 

 
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

 
2024-09-05
Waiting for details
CVE-2024-8462

Updating...
 

 
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component.

 
2024-08-14
Waiting for details
CVE-2024-39398

Updating...
 

 
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.

 
2024-08-13
Waiting for details
CVE-2024-41904

Updating...
 

 
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top