Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2024-04-24 CVE-2024-28825 Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
network
low complexity
checkmk CWE-307
critical
9.8
2024-03-18 CVE-2024-21662 Improper Restriction of Excessive Authentication Attempts vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-307
critical
9.1
2024-03-18 CVE-2024-21652 Improper Restriction of Excessive Authentication Attempts vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-307
critical
9.8
2024-03-06 CVE-2024-24767 Improper Restriction of Excessive Authentication Attempts vulnerability in Icewhale Casaos 0.4.5/0.4.6
CasaOS-UserService provides user management functionalities to CasaOS.
network
low complexity
icewhale CWE-307
critical
9.8
2024-02-19 CVE-2024-1345 Improper Restriction of Excessive Authentication Attempts vulnerability in Laborofficefree 19.10
Weak MySQL database root password in LaborOfficeFree affects version 19.10.
local
low complexity
laborofficefree CWE-307
5.5
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
2024-01-25 CVE-2023-33759 Improper Restriction of Excessive Authentication Attempts vulnerability in Splicecom Maximiser Soft PBX
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.
network
low complexity
splicecom CWE-307
critical
9.8
2024-01-22 CVE-2022-45790 Improper Restriction of Excessive Authentication Attempts vulnerability in Omron products
The Omron FINS protocol has an authenticated feature to prevent access to memory regions.
network
low complexity
omron CWE-307
critical
9.1
2024-01-11 CVE-2023-50123 Improper Restriction of Excessive Authentication Attempts vulnerability in Hozard Alarm System 1.0
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited.
network
high complexity
hozard CWE-307
8.1
2023-12-20 CVE-2023-6912 Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
network
low complexity
m-files CWE-307
critical
9.8