Total: 421 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2024-11-21 | 9.8 Critical |
Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | ||||
CVE-2020-23283 | 1 Mv | 1 Mconnect | 2024-11-21 | 7.5 High |
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force. | ||||
CVE-2020-21238 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | ||||
CVE-2020-21237 | 1 8cms | 1 Ljcms | 2024-11-21 | 9.8 Critical |
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | ||||
CVE-2020-1616 | 1 Juniper | 2 Advanced Threat Protection, Virtual Advanced Threat Protection | 2024-11-21 | 5.3 Medium |
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. | ||||
CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 9.8 Critical |
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | ||||
CVE-2020-15906 | 1 Tiki | 1 Tiki | 2024-11-21 | 9.8 Critical |
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | ||||
CVE-2020-15786 | 1 Siemens | 8 Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Basic Panels 2nd Generation Firmware, Simatic Hmi Comfort Panels and 5 more | 2024-11-21 | 9.8 Critical |
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | ||||
CVE-2020-15770 | 1 Gradle | 1 Enterprise | 2024-11-21 | 5.5 Medium |
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. | ||||
CVE-2020-15367 | 1 Venki | 1 Supravizio Bpm | 2024-11-21 | 9.8 Critical |
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | ||||
CVE-2020-14494 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 9.8 Critical |
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. | ||||
CVE-2020-14484 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 9.8 Critical |
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | ||||
CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2024-11-21 | 8.8 High |
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | ||||
CVE-2020-13835 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | ||||
CVE-2020-13805 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 9.8 Critical |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. | ||||
CVE-2020-13617 | 1 Mitel | 22 6863, 6863 Firmware, 6865 and 19 more | 2024-11-21 | 7.5 High |
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. | ||||
CVE-2020-13312 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. | ||||
CVE-2020-12752 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020). | ||||
CVE-2020-12645 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 9.8 Critical |
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | ||||
CVE-2020-11650 | 1 Ixsystems | 4 Freenas, Freenas Firmware, Truenas and 1 more | 2024-11-21 | 7.5 High |
An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent. |