
20 matches found

ATTACKERKB
added 5 days ago, 4 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/03 9:22 p.m., 3 views

CVE-2018-25237 Hirschmann HiSecOS Buffer Overflow via HTTPS Login

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers...

CVSS 9.8 | AI score 6.7 | EPSS 0.00817
Exploits: 0 | References: 2
Cvelist
added 2026/04/03 9:22 p.m., 15 views

CVE-2018-25237 Hirschmann HiSecOS Buffer Overflow via HTTPS Login

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers...

CVSS 9.8 | EPSS 0.00817
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-12789

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.01338
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m., 17 views

EUVD-2023-1943

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01028
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-45073

Malicious code in bioql PyPI...

CVSS 2.7 | AI score 3.9 | EPSS 0.00806
Exploits: 0 | References: 3
OSV
added 2023/07/28 3:34 p.m., 16 views

GHSA-3V6J-V3QC-CXFF Denial of service from unlimited password lengths

TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities...

CVSS 5.3 | AI score 6.5 | EPSS 0.01028
Exploits: 0 | References: 9
NVD
added 2023/07/27 4:15 p.m., 28 views

CVE-2023-38492

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still...

CVSS 7.5 | AI score 6.3 | EPSS 0.01028
Exploits: 0 | References: 7
NVD
added 2022/12/01 9:15 p.m., 25 views

CVE-2022-41969

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

CVSS 2.7 | EPSS 0.00806
Exploits: 0 | References: 3
Prion
added 2022/12/01 9:15 p.m., 14 views

Code injection

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

CVSS 3.3 | AI score 4 | EPSS 0.00806
Exploits: 0 | References: 3 | Affected Software: 1
Hacker One
added 2022/10/08 6:13 p.m., 144 views

Nextcloud: No password length limit when creating a user as an administrator

Hi, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf...

CVSS 3.3 | AI score 0.4 | EPSS 0.00806
Exploits: 0
CNVD
added 2022/04/29 12:0 a.m., 23 views

Zammad Denial of Service Vulnerability (CNVD-2022-70097)

Zammad is a suite of ticket management software from Zammad Germany. v5.1.0 of Zammad suffers from a denial of service vulnerability that stems from a lack of a password length limit allowing the creation of extremely long passwords, which could be exploited by an attacker to cause a denial of...

CVSS 5 | AI score 4.8 | EPSS 0.00918
Exploits: 0 | Affected Software: 1
Hacker One
added 2021/11/28 2:29 p.m., 743 views

Imgur: No length on password

Hey, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behal...

AI score 7.7
Exploits: 0
CNNVD
added 2021/06/24 12:0 a.m., 5 views

OpenEMR Security Vulnerability

OpenEMR is an open source medical management system from the OpenEMR Openemr community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A security vulnerability exists in OpenEMR versions 5.0.0 through 6.0.0.1...

CVSS 8.1 | AI score 7.7 | EPSS 0.01338
Exploits: 1 | References: 3
OSV
added 2016/09/26 3:11 p.m., 21 views

SUSE-SU-2016:2388-1 Security update for openssh

This update for OpenSSH fixes the following issues: - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc970632...

CVSS 9.8 | AI score 6.7 | EPSS 0.88944
Exploits: 30 | References: 16
Tenable Nessus
added 2016/09/13 12:0 a.m., 68 views

SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2016:2280-1)

This update for openssh fixes the following issues : - Prevent user enumeration through the timing of password processing bsc989363, CVE-2016-6210 -preventtiminguserenumeration - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used bsc948902 - limit...

CVSS 7.8 | AI score 6.8 | EPSS 0.88944
Exploits: 17 | References: 9
OSV
added 2016/09/09 1:40 p.m., 20 views

SUSE-SU-2016:2280-1 Security update for openssh

This update for openssh fixes the following issues: - Prevent user enumeration through the timing of password processing bsc989363, CVE-2016-6210 -preventtiminguserenumeration - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used bsc948902 - limit...

CVSS 7.8 | AI score 6.8 | EPSS 0.88944
Exploits: 17 | References: 7
Cvelist
added 2010/10/05 5:0 p.m., 32 views

CVE-2010-3734

The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack...

AI score 6.3 | EPSS 0.0143
Exploits: 0 | References: 3
CVE
added 2010/10/05 5:0 p.m., 67 views

CVE-2010-3734

Summary of CVE-2010-3734 : IBM DB2 UDB 9.5 prior to FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length in the Install component, which can facilitate brute-force access attempts. This vulnerability is documented in the NVD entry for CVE-2010-3734 and is reflected in ...

CVSS 5 | AI score 6.5 | EPSS 0.0143
Exploits: 0 | References: 3 | Affected Software: 1
UbuntuCve
added 2009/05/07 5:30 p.m., 30 views

CVE-2008-6792

system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully condu...

CVSS 5 | AI score 5.9 | EPSS 0.011
Exploits: 0 | References: 1