544 matches found
CVE-2022-3371 No limit in length of "Token name" parameter results in DOS attack /memory corruption in ikus060/rdiffweb prior to 2.5.0a3 in ikus060/rdiffweb
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...
CVE-2022-3371
CVE-2022-3371 affects rdiffweb prior to 2.5.0a3. The vulnerability stems from unbounded Token name length, allowing Allocation of Resources Without Limits or Throttling, leading to DoS or memory corruption. The issue is fixed in version 2.5.0a3. If upgrading is not possible, a temporary mitigatio...
GHSA-8WXF-C45W-G66G rdiffweb vulnerable to password complexity bypass leading to weak passwords
ikus060/rdiffweb prior to 2.4.9 allows a user to set their password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords...
rdiffweb vulnerable to password complexity bypass leading to weak passwords
ikus060/rdiffweb prior to 2.4.9 allows a user to set their password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords...
GHSA-FQFG-C577-2VC3 rdiffweb's unlimited length Fullname field can lead to DoS
rdiffweb prior to 2.5.0a3 does not validate email length, allowing users to insert an email longer than 255 characters. If a user signs up with an email with a length of 1 million or more characters and logs in, withdraws, or changes their email, the server may cause denial of service due to...
rdiffweb's unlimited length Fullname field can lead to DoS
rdiffweb prior to 2.5.0a3 does not validate email length, allowing users to insert an email longer than 255 characters. If a user signs up with an email with a length of 1 million or more characters and logs in, withdraws, or changes their email, the server may cause denial of service due to...
Rdiffweb Weak Password Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A weak password vulnerability exists in Rdiffweb versions prior to 2.4.9, which can be exploited by attackers to obtain sensitive...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.0a3, which stems from unrestricted resource allocation...
PT-2022-21826 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a3 Description: The issue is related to the allocation of resources without limits or throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption...
Rdiffweb Information Disclosure Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. An information disclosure vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from the use of a cache containing...
PYSEC-2022-298
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...
Design/Logic Flaw
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...
CVE-2022-3364 No limit in length of "Fullname" parameter results in DOS attack /memory corruption in ikus060/rdiffweb prior to 2.5.0a3 in ikus060/rdiffweb
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...
CVE-2022-3364
CVE-2022-3364 affects ikus060/rdiffweb before 2.5.0a3. The issue is an unlimited length of the Fullname parameter, enabling resource exhaustion and potential memory corruption that can lead to a Denial of Service. Root cause: no enforcement of a maximum length for Fullname; impact described as Do...
Information Disclosure
rdiffweb is vulnerable to information disclosure. The vulnerability exists in the empty function in dispatch.py, which allows an unauthenticated attacker to view sensitive information due to improper cache control...
PYSEC-2022-297
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9...
GHSA-7FQM-JM52-F9VC rdiffweb vulnerable to Use of Cache Containing Sensitive Information
rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue...
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.0a3, which stems from the lack of limitation or throttling of...