Total
291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1616 | 1 Juniper | 2 Advanced Threat Protection, Virtual Advanced Threat Protection | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. | |||||
| CVE-2020-15367 | 1 Venki | 1 Supravizio Bpm | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
| CVE-2020-13805 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. | |||||
| CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
| Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | |||||
| CVE-2020-10876 | 2 Mica, Oklok Project | 2 Fingerprint Bluetooth Padlock Fb50, Oklok | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. | |||||
| CVE-2019-18917 | 1 Hp | 16 Deskjet Ink Advantage 5000 M2u86a, Deskjet Ink Advantage 5000 M2u86a Firmware, Deskjet Ink Advantage 5000 M2u89b and 13 more | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | |||||
| CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | |||||
| CVE-2020-14484 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | |||||
| CVE-2020-10849 | 2 Google, Samsung | 4 Android, Exynos 7885, Exynos 8895 and 1 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). | |||||
| CVE-2019-13166 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | |||||
| CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| HCL AppScan Standard is vulnerable to excessive authorization attempts | |||||
| CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
| CVE-2020-13617 | 1 Mitel | 22 6863, 6863 Firmware, 6865 and 19 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. | |||||
| CVE-2019-20031 | 1 Nec | 4 Um4730, Um4730 Firmware, Um8000 and 1 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. | |||||
| CVE-2020-4193 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | |||||
| CVE-2020-7508 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | |||||
| CVE-2020-7525 | 1 Schneider-electric | 4 Spacelynk, Spacelynk Firmware, Wiser For Knx and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | |||||
| CVE-2019-14299 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | |||||
| CVE-2020-14494 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. | |||||
| CVE-2020-7995 | 1 Dolibarr | 1 Dolibarr | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. | |||||