Total: 377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-37934 | 1 Huntflow | 1 Huntflow Enterprise | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | Due to insufficient server-side enforcement of a login-attempt limit, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to make multiple login attempts for brute-force password guessing. |
CVE-2021-36750 | 2 Sandisk, Zendesk | 3 Secureaccess, Enc Datavault, Enc Vaultapi | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names). |
CVE-2021-36285 | 1 Dell | 42 Latitude 5310 2-in-1, Latitude 5310 2-in-1 Firmware, Latitude 5320 and 39 more | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local, authenticated, malicious administrator could exploit it to bypass the mitigations against excessive NVMe password attempts and carry out a brute-force attack. |
CVE-2021-36284 | 1 Dell | 42 Latitude 5310 2-in-1, Latitude 5310 2-in-1 Firmware, Latitude 5320 and 39 more | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local, authenticated, malicious administrator could exploit it to bypass the mitigations against excessive admin password attempts and carry out a brute-force attack. |
CVE-2021-35472 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH | An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing: by running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users. |
CVE-2021-33209 | 1 Fimer | 1 Aurora Vision | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or the password is wrong, helping an attacker enumerate usernames and making a brute-force attack easier. |
CVE-2021-33190 | 1 Apache | 1 Apisix Dashboard | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | In Apache APISIX Dashboard 2.6, the default listen host was changed to 0.0.0.0 to make external network access easier to configure. The IP allow-list restriction used a risky function to obtain the client IP, which made it possible to bypass the network limit. At the same time, the default account and password are fixed. Together these factors create a security risk. This issue is fixed in APISIX Dashboard 2.6.1. |
CVE-2021-32522 | 1 Qsan | 3 Sanos, Storage Manager, Xevo | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | An improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO and SANOS allows remote attackers to discover users' credentials and obtain access via a brute-force attack. Contact QSAN and refer to the recommendations in the QSAN document. |
CVE-2021-31646 | 1 Gestsup | 1 Gestsup | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Gestsup before 3.2.10 allows remote account takeover through the password recovery functionality. The affected component, forgot_pwd.php, uses a weak algorithm (the PHP uniqid function) to generate password recovery tokens, allowing a brute-force attack. |
CVE-2021-29987 | 2 Linux, Mozilla | 3 Linux Kernel, Firefox, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | After requesting multiple permissions and closing the first permission panel, subsequent permission panels are displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want. *This bug only affects Firefox on Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 91 and Thunderbird < 91. |
CVE-2021-29842 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to differing responses to valid and invalid login attempts. IBM X-Force ID: 205202. |
CVE-2021-29648 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM | An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. |
CVE-2021-29023 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | InvoicePlane 1.5.11 has no rate limiting for password reset, and the reset token is generated using a weak, predictable mechanism. |
CVE-2021-28911 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | BAB TECHNOLOGIE GmbH eibPort V3 before version 3.9.1 allows unauthenticated attackers access to the /tmp path, which contains sensitive data (e.g. the device serial number). With that information, a possible loginId can be calculated in a brute-force attack against the BMX interface. This is usable as part of an attack chain to gain SSH root access. |
CVE-2021-28909 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | BAB TECHNOLOGIE GmbH eibPort V3 before version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule for a brute-force attack. The password may be weak, and the default username is known to be 'admin'. This is usable as part of an attack chain to gain SSH root access. |
CVE-2021-28248 | 1 Broadcom | 1 Ehealth | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. |
CVE-2021-27943 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and their mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcibly pair with the device, leading to remote control of the TV's settings and configuration. |
CVE-2021-27514 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). |
CVE-2021-27188 | 1 Xn--b1agzlht | 1 Fx Aggregator Terminal Client | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. |