544 matches found

OSV
added 2022/10/06 6:16 p.m. | 4 views

PYSEC-2022-43156

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

CVSS 9.8 | AI score 9.6 | EPSS 0.00441
Exploits 1 | References 5

OSV
added 2022/10/06 6:16 p.m. | 17 views

PYSEC-2022-302

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...

CVSS 8.2 | AI score 2.6 | EPSS 0.00997
Exploits 1 | References 4

Veracode
added 2022/10/06 6:31 a.m. | 12 views

Denial Of Service (DoS)

rdiffweb is vulnerable to Denial Of Service DoS. A malicious user is able to set the Token name with a long string leading to memory corruption, resulting in an application crash...

CVSS 7.5 | AI score 7.2 | EPSS 0.00983
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2022/10/06 12:0 a.m. | 27 views

CVE-2022-3389 Path Traversal in ikus060/rdiffweb

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...

CVSS 8.2 | AI score 7.7 | EPSS 0.00997
Exploits 1 | References 2

OSV
added 2022/10/06 12:0 a.m. | 13 views

CVE-2022-3376 Weak Password Requirements in ikus060/rdiffweb

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

CVSS 3.5 | AI score 4.5 | EPSS 0.00672
Exploits 1 | References 4

Positive Technologies
added 2022/10/06 12:0 a.m. | 2 views

PT-2022-21891 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.10
Description: The issue is related to Path Traversal in the GitHub repository ikus060/rdiffweb.
Recommendations: For versions prior to 2.4.10, update to version 2.4.10 to resolve the issue...

CVSS 8.7 | AI score 7.6 | EPSS 0.00997
Exploits 1 | References 9

Cvelist
added 2022/10/06 12:0 a.m. | 25 views

CVE-2022-3273 Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

CVSS 3.6 | AI score 9.8 | EPSS 0.00441
Exploits 1 | References 2

Positive Technologies
added 2022/10/06 12:0 a.m. | 2 views

PT-2022-21868 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a4
Description: The issue concerns weak password requirements. Specifically, it allows users to set their new password to be the same as the old password during a password reset. This is resolved in version...

CVSS 5.3 | AI score 4 | EPSS 0.00672
Exploits 1 | References 8

CNNVD
added 2022/10/06 12:0 a.m. | 3 views

Rdiffweb encryption issue vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.0a4, which stems from the fact that it does not reasonably limit or...

CVSS 9.8 | AI score 5.8 | EPSS 0.00441
Exploits 1 | References 3

CNNVD
added 2022/10/06 12:0 a.m. | 3 views

Rdiffweb path traversal vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your files through an efficient web interface. A path traversal vulnerability exists in Rdiffweb versions prior to 2.4.10, which stems from a vulnerability that allows an attacker to...

CVSS 8.2 | AI score 7.5 | EPSS 0.00997
Exploits 1 | References 4

CVE
added 2022/10/06 12:0 a.m. | 63 views

CVE-2022-3273

CVE-2022-3273 affects the GitHub repository ikus060/rdiffweb, specifically versions prior to 2.5.0a4. The root cause is an allocation of resources without limits or throttling. The vulnerability can lead to resource exhaustion, affecting availability and potentially exposing or degrading service ...

CVSS 9.8 | AI score 6.5 | EPSS 0.00441
Exploits 1 | References 2 | Affected Software 1

CVE
added 2022/10/06 12:0 a.m. | 84 views

CVE-2022-3389

The CVE-2022-3389 entry concerns the Rdiffweb project (ikus060/rdiffweb). Affected version: prior to 2.4.10, with a Path Traversal vulnerability in the file/path handling. The issue is documented as a vulnerability in path traversal (no exploitation details provided in the connected sources). Mit...

CVSS 8.2 | AI score 7.6 | EPSS 0.00997
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2022/10/06 12:0 a.m. | 5 views

Rdiffweb security vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your files through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.0a4, which stems from a failure to require a password setting that...

CVSS 5.3 | AI score 5.1 | EPSS 0.00672
Exploits 1 | References 3

OSV
added 2022/10/06 12:0 a.m. | 23 views

CVE-2022-3389 Path Traversal in ikus060/rdiffweb

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...

CVSS 8.2 | AI score 8 | EPSS 0.00997
Exploits 1 | References 4

CVE
added 2022/10/06 12:0 a.m. | 57 views

CVE-2022-3376

CVE-2022-3376 affects rdiffweb (ikus060/rdiffweb) prior to version 2.5.0a4. The reported issue is weak password requirements that allow a new password to be the same as the old one during password reset. According to multiple sources (GHSA/OSV/PYSEC and NVD entries), this is mitigated in 2.5.0a4 ...

CVSS 5.3 | AI score 4.5 | EPSS 0.00672
Exploits 1 | References 2 | Affected Software 1

Veracode
added 2022/10/03 3:15 a.m. | 17 views

Authentication Bypass

rdiffweb is vulnerable to authentication bypass. The vulnerability exists because the validatepassword function of pageadmin.py does not properly validate the password score, allowing an attacker to bypass the application logic to set a blank password...

CVSS 4.3 | AI score 5.3 | EPSS 0.0055
Exploits 1 | References 4 | Affected Software 1

Github Security Blog
added 2022/10/01 12:0 a.m. | 21 views

rdiffweb's lack of token name length limit can result in DoS or memory corruption

rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue...

CVSS 7.5 | AI score 7.2 | EPSS 0.00983
Exploits 1 | References 5 | Affected Software 1

OSV
added 2022/10/01 12:0 a.m. | 11 views

GHSA-3FHQ-72HW-JQWV rdiffweb's lack of token name length limit can result in DoS or memory corruption

rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue...

CVSS 8.7 | AI score 7.3 | EPSS 0.00983
Exploits 1 | References 5

PyPA
added 2022/09/30 2:15 p.m. | 4 views

PYSEC-2022-299

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...

CVSS 7.5 | AI score 6.8 | EPSS 0.00983
Exploits 1 | References 5 | Affected Software 1

OSV
added 2022/09/30 2:15 p.m. | 36 views

PYSEC-2022-299

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...

CVSS 7.5 | AI score 1.6 | EPSS 0.00983
Exploits 1 | References 5