11 matches found
Improper Rate Limiting
ethyca-fides is vulnerable to Improper Rate Limiting. The vulnerability is due to the webserver API incorrectly applying rate limits based on infrastructure IPs instead of client IPs and storing counters in-memory rather than in a shared store, which allows an attacker to bypass rate limiting...
CVE-2025-57816
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...
CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...
CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
Summary: The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...
GHSA-FQ34-XW6C-FPHF Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
Summary: The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...
PT-2025-36509
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1. Description: Fides is an open-source privacy engineering platform. The built-in IP-based rate limiting in the Fides Webserver API is ineffective in environments utilizing CDNs, proxies, or load balancers. The...
Linux Distros Unpatched Vulnerability : CVE-2021-4218
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the Linux kernel's implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local...
CVE-2025-21686
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-21686
The initial CVE-2025-21686 entry is marked as rejected, but connected sources describe a real Linux kernel issue related to io_uring: when cloning buffers between uring instances A and B that use different memory accounting contexts, closing A before B can decrement B’s pinned memory counters, po...
CVE-2025-21686
...