rdiffweb vulnerable to password complexity bypass leading to weak passwords
ikus060/rdiffweb prior to 2.4.9 allows a user to set their password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords...
Cisco IOS XE Denial of Service Vulnerability
Cisco IOS XE Software is an operating system from Cisco for enterprise wired and wireless access, aggregation, core and WAN in a single operating system. Cisco IOS XE reduces business and network complexity. An error can be exploited by an attacker to cause a denial of service...
CVE-2022-39209
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the...
NIC Knot Resolver Denial of Service Vulnerability
Knot Resolver is a cached DNS resolver implementation that includes a resolver library and daemon. A denial of service vulnerability exists in NIC Knot Resolver versions prior to 5.5.3. The vulnerability stems from not properly handling incoming error messages and can be exploited by a remote...
PT-2022-21758 · Ikus060 · Rdiffweb
Name of the Vulnerable Software and Affected Versions: ikus060/rdiffweb versions prior to 2.4.9 Description: The issue concerns weak password requirements. Specifically, it allows users to set passwords with all spaces, bypassing password complexity requirements due to a lack of password entropy...
Denial Of Service (DOS)
Commonmarker is vulnerable to denial of service. The vulnerability is due to a polynomial time complexity issue caused by the cmark-gfm autolink extension feature. This results in resource exhaustion, leading to a denial of service...
CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets...
DEBIAN-CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets...
Code injection
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets...
UBUNTU-CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets...
PT-2022-25268 · Unknown +4 · Knot Resolver +4
Name of the Vulnerable Software and Affected Versions: Knot Resolver versions prior to 5.5.3 Description: The issue allows remote attackers to cause a denial of service due to algorithmic complexity, resulting in CPU consumption. This occurs when an authoritative server returns large NS sets or...
CVE-2022-40188
CVE-2022-40188 affects Knot Resolver prior to version 5.5.3. The issue is a remote denial-of-service via CPU consumption caused by algorithmic complexity when an attack results in large nameserver or address sets being returned by an authoritative server. Public advisories (NVD entry and various ...
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Impact: CommonMarker uses cmark-gfm for rendering GitHub Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches: This vulnerability has been patched in the following CommonMarker...
steal Inefficient Regular Expression Complexity vulnerability via string variable
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js...
Why Organizations Struggle with Patch Management (and What to Do about It)
The cybersecurity attack surface continues to grow exponentially. Modern technologies are being deployed on-premises and in the cloud as part of digital transformation journeys. Meanwhile, the current practice of identifying, classifying, prioritizing, and remediating vulnerabilities has become...