19 matches found
CVE-2018-25237 Hirschmann HiSecOS Buffer Overflow via HTTPS Login
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers...
EUVD-2021-12789
Malware in sbrugna...
EUVD-2022-45073
Malicious code in bioql PyPI...
EUVD-2023-1943
Malicious code in bioql PyPI...
GHSA-3V6J-V3QC-CXFF Denial of service from unlimited password lengths
TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited; however, we still recommend updating to one of the patch releases because they also fix more severe vulnerabilities...
CVE-2023-38492
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited; however, we still...
CVE-2022-41969
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...
Code injection
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...
Nextcloud: No password length limit when creating a user as an administrator
Hi, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf...
Zammad Denial of Service Vulnerability (CNVD-2022-70097)
Zammad is a suite of ticket management software from Zammad Germany. v5.1.0 of Zammad suffers from a denial of service vulnerability that stems from a lack of a password length limit allowing the creation of extremely long passwords, which could be exploited by an attacker to cause a denial of...
Imgur: No length on password
Hey, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behal...
OpenEMR Security Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A security vulnerability exists in OpenEMR versions 5.0.0 through 6.0.0.1...
SUSE-SU-2016:2388-1 Security update for openssh
This update for OpenSSH fixes the following issues: - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc970632...
SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2016:2280-1)
This update for openssh fixes the following issues: - Prevent user enumeration through the timing of password processing bsc989363, CVE-2016-6210 -preventtiminguserenumeration - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used bsc948902 - limit...
SUSE-SU-2016:2280-1 Security update for openssh
This update for openssh fixes the following issues: - Prevent user enumeration through the timing of password processing bsc989363, CVE-2016-6210 -preventtiminguserenumeration - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used bsc948902 - limit...
CVE-2010-3734
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack...
CVE-2010-3734
Summary of CVE-2010-3734: IBM DB2 UDB 9.5 prior to FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length in the Install component, which can facilitate brute-force access attempts. This vulnerability is documented in the NVD entry for CVE-2010-3734 and is reflected in ...
CVE-2008-6792
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully condu...