Total
405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49792 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-49443 | 1 Html-js | 1 Doracms | 2024-11-21 | N/A | 9.8 CRITICAL |
| DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. | |||||
| CVE-2023-49278 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | N/A | 5.3 MEDIUM |
| Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | |||||
| CVE-2023-48745 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9. | |||||
| CVE-2023-48318 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41. | |||||
| CVE-2023-48290 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue affects Form Maker by 10Web: from n/a through 1.15.20. | |||||
| CVE-2023-48276 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. | |||||
| CVE-2023-48028 | 1 Kodcloud | 1 Kodbox | 2024-11-21 | N/A | 9.8 CRITICAL |
| kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. | |||||
| CVE-2023-45191 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2024-11-21 | N/A | 7.5 HIGH |
| IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | |||||
| CVE-2023-45149 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A | 4.3 MEDIUM |
| Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-45148 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached. | |||||
| CVE-2023-45009 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3. | |||||
| CVE-2023-44235 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass.This issue affects WP Captcha: from n/a through 2.0.0. | |||||
| CVE-2023-44111 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-44096 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-43699 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | |||||
| CVE-2023-42769 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | |||||
| CVE-2023-41350 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. | |||||
| CVE-2023-41270 | 1 Samsung | 2 Ue40d7000, Ue40d7000 Firmware | 2024-11-21 | N/A | 3.5 LOW |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. | |||||
| CVE-2023-40834 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A | 9.8 CRITICAL |
| OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter. | |||||