2 matches found
PT-2022-21561 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8 Description: The issue is related to improper handling of length parameter inconsistency. It can be exploited via an unlimited length username field, potentially leading to excess memory consumption or memory...
CVE-2019-16374
Pega Platform 8.2.1 allows LDAP injection because a username can contain a character and can be of unlimited length. An attacker can specify four characters of a username, followed by the character, to bypass access control...