CWE-799
Improper Control of Interaction Frequency
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
CVE-2023-2758 (GCVE-0-2023-2758)
Vulnerability from cvelistv5 – Published: 2023-05-31 14:09 – Updated: 2025-01-09 20:26
VLAI
Title
Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service
Summary
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Contec | CONPROSYS HMI System |
Affected:
0 , ≤ 3.5.2
(custom)
|
Date Public
2023-05-31 14:08
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2023-21"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93372935/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T20:25:29.496343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T20:26:25.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CONPROSYS HMI System",
"vendor": "Contec",
"versions": [
{
"lessThanOrEqual": "3.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-05-31T14:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time."
}
],
"value": "A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T14:09:49.809Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-21"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/index.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-2758",
"datePublished": "2023-05-31T14:09:49.809Z",
"dateReserved": "2023-05-17T12:46:36.673Z",
"dateUpdated": "2025-01-09T20:26:25.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35621 (GCVE-0-2023-35621)
Vulnerability from cvelistv5 – Published: 2023-12-12 18:10 – Updated: 2025-01-01 02:18
VLAI
Title
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
Summary
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
Severity
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Dynamics 365 for Finance and Operations |
Affected:
10.0.38 , < 7.0.7120.46
(custom)
|
|
| Microsoft | Dynamics 365 for Finance and Operations |
Affected:
10.0.37 , < 7.0.7068.109
(custom)
|
|
| Microsoft | Dynamics 365 for Finance and Operations |
Affected:
10.0.32 , < 7.0.7036.133
(custom)
|
Date Public
2023-12-12 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 for Finance and Operations",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7120.46",
"status": "affected",
"version": "10.0.38",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 for Finance and Operations",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7068.109",
"status": "affected",
"version": "10.0.37",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 for Finance and Operations",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.7036.133",
"status": "affected",
"version": "10.0.32",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:*:finance_and_operations:*:*",
"versionEndExcluding": "7.0.7120.46",
"versionStartIncluding": "10.0.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:*:finance_and_operations:*:*",
"versionEndExcluding": "7.0.7068.109",
"versionStartIncluding": "10.0.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:*:finance_and_operations:*:*",
"versionEndExcluding": "7.0.7036.133",
"versionStartIncluding": "10.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-12-12T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T02:18:45.442Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621"
}
],
"title": "Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-35621",
"datePublished": "2023-12-12T18:10:56.691Z",
"dateReserved": "2023-06-15T01:03:28.506Z",
"dateUpdated": "2025-01-01T02:18:45.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40332 (GCVE-0-2023-40332)
Vulnerability from cvelistv5 – Published: 2024-06-04 07:18 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress WP-PostRatings plugin <= 1.91 - Rating limit Bypass vulnerability
Summary
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/wp-… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lester ‘GaMerZ’ Chan | WP-PostRatings |
Affected:
n/a , ≤ 1.91
(custom)
|
|
| lesterchan | wp-postratings |
Affected:
0 , ≤ 1.91
(custom)
cpe:2.3:a:lesterchan:wp-postratings:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lesterchan:wp-postratings:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "wp-postratings",
"vendor": "lesterchan",
"versions": [
{
"lessThanOrEqual": "1.91",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T19:59:04.339119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T20:00:38.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-postratings/wordpress-wp-postratings-plugin-1-91-rating-limit-bypass-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-postratings",
"product": "WP-PostRatings",
"vendor": "Lester \u2018GaMerZ\u2019 Chan",
"versions": [
{
"changes": [
{
"at": "1.91.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.91",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Interaction Frequency vulnerability in Lester \u2018GaMerZ\u2019 Chan WP-PostRatings allows Functionality Misuse.\u003cp\u003eThis issue affects WP-PostRatings: from n/a through 1.91.\u003c/p\u003e"
}
],
"value": "Improper Control of Interaction Frequency vulnerability in Lester \u2018GaMerZ\u2019 Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799 Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:36.541Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wp-postratings/wordpress-wp-postratings-plugin-1-91-rating-limit-bypass-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.91.1 or a higher version."
}
],
"value": "Update to 1.91.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP-PostRatings plugin \u003c= 1.91 - Rating limit Bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-40332",
"datePublished": "2024-06-04T07:18:30.124Z",
"dateReserved": "2023-08-14T14:47:15.113Z",
"dateUpdated": "2026-04-28T16:08:36.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40673 (GCVE-0-2023-40673)
Vulnerability from cvelistv5 – Published: 2024-06-04 07:21 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress Cartpauj Register Captcha plugin <= 1.0.02 - Captcha Bypass vulnerability
Summary
: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/car… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cartpauj | Cartpauj Register Captcha |
Affected:
n/a , ≤ 1.0.02
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T14:46:49.112374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:02.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/cartpauj-register-captcha/wordpress-cartpauj-register-captcha-plugin-1-0-02-captcha-bypass-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "cartpauj-register-captcha",
"product": "Cartpauj Register Captcha",
"vendor": "cartpauj",
"versions": [
{
"changes": [
{
"at": "2.0.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.02",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "qilin_99 (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.\u003cp\u003eThis issue affects Cartpauj Register Captcha: from n/a through 1.0.02.\u003c/p\u003e"
}
],
"value": ": Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:37.177Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/cartpauj-register-captcha/wordpress-cartpauj-register-captcha-plugin-1-0-02-captcha-bypass-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.0.0 or a higher version."
}
],
"value": "Update to 2.0.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Cartpauj Register Captcha plugin \u003c= 1.0.02 - Captcha Bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-40673",
"datePublished": "2024-06-04T07:21:34.896Z",
"dateReserved": "2023-08-18T15:18:28.336Z",
"dateUpdated": "2026-04-28T16:08:37.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51544 (GCVE-0-2023-51544)
Vulnerability from cvelistv5 – Published: 2024-06-04 12:27 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress RegistrationMagic plugin <= 5.2.5.0 - Form Submission Limit Bypass vulnerability
Summary
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/cus… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Metagauss | RegistrationMagic |
Affected:
n/a , ≤ 5.2.5.0
(custom)
|
|
| metagauss | registrationmagic |
Affected:
1.0 , ≤ 5.2.5.0
(custom)
cpe:2.3:a:metagauss:registrationmagic:1.0:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:metagauss:registrationmagic:1.0:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "registrationmagic",
"vendor": "metagauss",
"versions": [
{
"lessThanOrEqual": "5.2.5.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T14:32:12.192855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:23.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:32.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-form-submission-limit-bypass-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "custom-registration-form-builder-with-submission-manager",
"product": "RegistrationMagic",
"vendor": "Metagauss",
"versions": [
{
"changes": [
{
"at": "5.2.5.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.2.5.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kyle Sanchez (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.\u003cp\u003eThis issue affects RegistrationMagic: from n/a through 5.2.5.0.\u003c/p\u003e"
}
],
"value": "Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799 Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:04.283Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-form-submission-limit-bypass-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.2.5.1 or a higher version."
}
],
"value": "Update to 5.2.5.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress RegistrationMagic plugin \u003c= 5.2.5.0 - Form Submission Limit Bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51544",
"datePublished": "2024-06-04T12:27:32.353Z",
"dateReserved": "2023-12-20T19:26:40.707Z",
"dateUpdated": "2026-04-28T16:09:04.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0094 (GCVE-0-2024-0094)
Vulnerability from cvelistv5 – Published: 2024-06-13 21:23 – Updated: 2024-08-01 17:41
VLAI
Title
CVE
Summary
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | vGPU software and Cloud Gaming |
Affected:
All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T18:10:54.979762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T18:11:02.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vGPU software and Cloud Gaming",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service."
}
],
"value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T21:23:31.858Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0094",
"datePublished": "2024-06-13T21:23:31.858Z",
"dateReserved": "2023-12-02T00:42:03.955Z",
"dateUpdated": "2024-08-01T17:41:16.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11126 (GCVE-0-2024-11126)
Vulnerability from cvelistv5 – Published: 2024-11-12 14:31 – Updated: 2024-11-12 20:13
VLAI
Title
Digistar AG-30 Plus Login Page excessive authentication
Summary
A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.283974 | vdb-entry |
| https://vuldb.com/?ctiid.283974 | signaturepermissions-required |
| https://vuldb.com/?submit.437096 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digistar | AG-30 Plus |
Affected:
2.6b
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:44:06.971579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:13:26.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Login Page"
],
"product": "AG-30 Plus",
"vendor": "Digistar",
"versions": [
{
"status": "affected",
"version": "2.6b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "W0t4n (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Digistar AG-30 Plus 2.6b ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Login Page. Durch das Beeinflussen mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:31:06.409Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283974 | Digistar AG-30 Plus Login Page excessive authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.283974"
},
{
"name": "VDB-283974 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283974"
},
{
"name": "Submit #437096 | Digistar AG-30 Plus 2.6b Improper Restriction of Excessive Authentication Attempts",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.437096"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-12T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-12T08:12:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Digistar AG-30 Plus Login Page excessive authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11126",
"datePublished": "2024-11-12T14:31:06.409Z",
"dateReserved": "2024-11-12T07:06:57.964Z",
"dateUpdated": "2024-11-12T20:13:26.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13274 (GCVE-0-2024-13274)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:27 – Updated: 2025-01-14 17:08
VLAI
Title
Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038
Summary
Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Open Social |
Affected:
0.0.0 , < 12.3.8
(semver)
Affected: 12.4.0 , < 12.4.5 (semver) |
Date Public
2024-09-04 16:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T17:08:00.440414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T17:08:25.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/social",
"defaultStatus": "unaffected",
"product": "Open Social",
"repo": "https://git.drupalcode.org/project/social",
"vendor": "Drupal",
"versions": [
{
"lessThan": "12.3.8",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "12.4.5",
"status": "affected",
"version": "12.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "vnech"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Ronald te Brake"
},
{
"lang": "en",
"type": "remediation developer",
"value": "vnech"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec"
},
{
"lang": "en",
"type": "coordinator",
"value": "Heine Deelstra"
}
],
"datePublic": "2024-09-04T16:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.\u003c/p\u003e"
}
],
"value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799 Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:27:04.989Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-038"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13274",
"datePublished": "2025-01-09T19:27:04.989Z",
"dateReserved": "2025-01-09T18:28:09.371Z",
"dateUpdated": "2025-01-14T17:08:25.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24873 (GCVE-0-2024-24873)
Vulnerability from cvelistv5 – Published: 2024-05-17 08:24 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability
Summary
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/cp-… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodePeople | CP Polls |
Affected:
n/a , ≤ 1.0.71
(custom)
|
|
| codepeople | polls_cp |
Affected:
0 , ≤ 1.0.71
(custom)
cpe:2.3:a:codepeople:polls_cp:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codepeople:polls_cp:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "polls_cp",
"vendor": "codepeople",
"versions": [
{
"lessThanOrEqual": "1.0.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:28:25.585426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T13:39:11.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-71-polls-limitation-bypass-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "cp-polls",
"product": "CP Polls",
"vendor": "CodePeople",
"versions": [
{
"changes": [
{
"at": "1.0.72",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.71",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kyle Sanchez (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.\u003cp\u003eThis issue affects CP Polls: from n/a through 1.0.71.\u003c/p\u003e"
}
],
"value": ": Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:11.029Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-71-polls-limitation-bypass-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.0.72 or a higher version."
}
],
"value": "Update to 1.0.72 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Polls CP plugin \u003c= 1.0.71 - Polls Limitation Bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-24873",
"datePublished": "2024-05-17T08:24:16.872Z",
"dateReserved": "2024-02-01T09:55:37.344Z",
"dateUpdated": "2026-04-28T16:09:11.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32943 (GCVE-0-2024-32943)
Vulnerability from cvelistv5 – Published: 2024-06-20 22:12 – Updated: 2024-08-02 02:27
VLAI
Title
Westermo L210-F2G Lynx Improper Control of Interaction Frequency
Summary
An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Westermo | L210-F2G Lynx |
Affected:
4.21.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T13:47:36.074775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T13:47:48.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:52.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "L210-F2G Lynx",
"vendor": "Westermo",
"versions": [
{
"status": "affected",
"version": "4.21.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\nAn attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.\n\n"
}
],
"value": "An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T22:12:34.239Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
}
],
"source": {
"advisory": "ICSA-24-172-03",
"discovery": "EXTERNAL"
},
"title": "Westermo L210-F2G Lynx Improper Control of Interaction Frequency",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eWestermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\u003c/p\u003e\n\u003cp\u003eTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\u003c/p\u003e\n\u003cp\u003eWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\u003c/p\u003e\n\u003cp\u003eWestermo will keep users updated on any further enhancements.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Westermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\n\n\nTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\n\n\nWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\n\n\nWestermo will keep users updated on any further enhancements."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-32943",
"datePublished": "2024-06-20T22:12:34.239Z",
"dateReserved": "2024-06-13T14:52:17.243Z",
"dateUpdated": "2024-08-02T02:27:52.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.