544 matches found
PT-2022-28035 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5 Description: The issue is related to a failure to sanitize special elements, which can lead to special element injection. Specifically, in rdiffweb, the lack of sanitization of characters in SSH key names coul...
CVE-2022-4723 Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4721 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in ikus060/rdiffweb
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5...
PT-2022-28032 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5 Description: The issue is an Open Redirect in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue...
PT-2022-28038 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5 Description: The issue is related to improper access control in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue...
PT-2022-28031 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5 Description: The issue concerns Business Logic Errors in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue...
CVE-2022-4719 Business Logic Errors in ikus060/rdiffweb
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4722 Authentication Bypass by Primary Weakness in ikus060/rdiffweb
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4720 Open Redirect in ikus060/rdiffweb
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5...
PT-2022-28037 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5 Description: The issue is related to the allocation of resources without limits or throttling in the rdiffweb GitHub repository. Specifically, there is no rate limit on the "resend email feature" when enabling...
CVE-2022-4724 Improper Access Control in ikus060/rdiffweb
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5...
CVE-2022-4724
The CVE-2022-4724 entry concerns the rdiffweb project by ikus060 and stems from improper access control in versions prior to 2.5.5. The NVD entry lists a base CVSSv3.1 score of 9.8 (CRITICAL) with NETWORK attack vector and high impact on confidentiality, integrity, and availability; CNA/other sou...
CVE-2022-4720
Open Redirect vulnerability CVE-2022-4720 affects the rdiffweb project (GitHub: ikus060/rdiffweb) prior to version 2.5.5. Root cause details are not explicitly provided in the initial document beyond the classification as an Open Redirect. Impact and exploitation specifics are not enumerated in t...
CVE-2022-4719
CVE-2022-4719 concerns RDiffWeb (GitHub: ikus060/rdiffweb) with Business Logic Errors in versions prior to 2.5.5. The connected materials consistently identify the issue type as business logic, affecting pre-2.5.5 builds. A remediation is to upgrade to version 2.5.5 or later. The sources do not...
CVE-2022-4723
rdiffweb (ikus060/rdiffweb) prior to version 2.5.5 is affected by an absence of rate limiting on the resend email feature when enabling or disabling 2FA via the /prefs/mfa endpoint. This can allow resource allocation without limits, as described across multiple sources. Affected component is the ...
CVE-2022-4721
CVE-2022-4721 affects the rdiffweb project (ikus060/rdiffweb). The issue is a lack of sanitization of characters in SSH key names, enabling special-element injection (a hyperlink injection) that could redirect victims to malicious sites. Affected versions are prior to 2.5.5. Exploitation details ...