Total
291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4336 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | |||||
| CVE-2019-5421 | 1 Plataformatec | 1 Devise | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later. | |||||
| CVE-2019-1126 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. | |||||
| CVE-2019-5217 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. | |||||
| CVE-2019-14951 | 1 Telenav | 1 Scout Gps Link | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile. | |||||
| CVE-2019-4068 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013. | |||||
| CVE-2018-19879 | 1 Teltonika | 2 Rut950, Rut950 Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. | |||||
| CVE-2019-6524 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. | |||||
| CVE-2019-14351 | 1 Espocrm | 1 Espocrm | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters. | |||||
| CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | |||||
| CVE-2018-19548 | 1 Rudrasoftech | 1 Edusec | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2018-11082 | 1 Pivotal Software | 2 Cloudfoundry Uaa, Cloudfoundry Uaa Release | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user. | |||||
| CVE-2018-19021 | 1 Emerson | 1 Deltav | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | |||||
| CVE-2018-15759 | 1 Pivotal Software | 2 Broker Api, On Demand Services Sdk | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations. | |||||
| CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | |||||
| CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2024-02-04 | 4.3 MEDIUM | 8.1 HIGH |
| A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | |||||
| CVE-2018-1373 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. | |||||
| CVE-2018-12993 | 1 Onefilecms | 1 Onefilecms | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. | |||||
| CVE-2018-1475 | 1 Ibm | 1 Bigfix Platform | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756. | |||||
| CVE-2018-5469 | 1 Belden | 134 Hirschmann M1-8mm-sc, Hirschmann M1-8sfp, Hirschmann M1-8sm-sc and 131 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication. | |||||