Lucene search

32 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-5566

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01828
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 4:16 p.m., 4 views

CVE-2020-13306

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

CVSS 7.5 | AI score 6.4 | EPSS 0.01828
Exploits: 0

Tenable Nessus
added 2024/05/17 12:00 a.m., 18 views

GitLab 1.0 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13306)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

CVSS 7.5 | AI score 7.3 | EPSS 0.01828
Exploits: 0 | References: 4

OSV
added 2024/03/06 11:22 a.m., 15 views

BIT-GITLAB-2020-13306

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

CVSS 7.5 | AI score 7.1 | EPSS 0.01828
Exploits: 0 | References: 4

F5 Networks
added 2023/02/21 6:13 p.m., 10 views

K23278332: A DNS over TCP packet is not rate-limited accurately using the single-endpoint DoS device flood vector

Security Advisory Description This issue occurs when all of the following conditions are met: Setting the correct DNS packet type in the denial-of-service DoS device sweep or flood vector. Matching traffic sends DNS over TCP. Impact The mitigation for DNS over TCP packets is not working as expect...

AI score 6.7
Exploits: 0

Vulnrichment
added 2022/07/11 2:08 p.m., 9 views

CVE-2022-2366 Incorrect defaults can cause attackers to bypass rate limitations

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...

CVSS 5.6 | AI score 5.6 | EPSS 0.00539
Exploits: 0 | References: 1

Huntr
added 2021/12/24 11:16 a.m., 19 views

in polonel/trudesk

Description When logging in, the login page will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack of rate limitation when logging in in order to help an attacker find out which accounts exist & then brute force those accounts' login...

AI score 6.9
Exploits: 0

NVD
added 2021/10/22 7:15 p.m., 11 views

CVE-2021-41171

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 8.8 | EPSS 0.01883
Exploits: 1 | References: 5

OSV
added 2021/10/22 7:15 p.m., 6 views

CVE-2021-41171

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 5

Prion
added 2021/10/22 7:15 p.m., 9 views

Design/Logic Flaw

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 4 | AI score 8.6 | EPSS 0.01883
Exploits: 1 | References: 5 | Affected software: 1

Cvelist
added 2021/10/22 6:55 p.m., 16 views

CVE-2021-41171 Bypass bruteforce protection on login form in elabftw

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...

CVSS 5.9 | AI score 8.9 | EPSS 0.01883
Exploits: 1 | References: 5

CNVD
added 2021/05/24 12:00 a.m., 5 views

Unspecified Vulnerability in InvoicePlane

InvoicePlane is a software application. It provides a self-hosted open source application for managing your quotes, invoices, customers and payments. InvoicePlane version 1.5.11 suffers from a security vulnerability that stems from the absence of any rate limitation on password resets, where reset...

CVSS 5.3 | AI score 7 | EPSS 0.00844
Exploits: 1 | References: 1

Hacker One
added 2021/01/11 12:36 a.m., 39 views

TikTok: Lack of rate limitation on careers site allows the attacker to brute force the verification code

An attacker could have potentially attempted to brute force the verification code needed to reset a candidate's password by leveraging a lack of rate limiting on the TikTok careers portal. We thank @iambouali for reporting this to our team and confirming the resolution...

AI score 4.1
Exploits: 0

Hacker One
added 2020/09/15 3:32 a.m., 30 views

X (Formerly Twitter): Bypass Password Authentication to Update the Password

Summary: This additional security measure from Twitter provides protection to the victim's account, considering that a victim's session may have been hijacked by a hacker, however, due to this additional layer of security implemented by Twitter the hacker would not be able to change the victim's...

AI score 6.4
Exploits: 0

OSV
added 2020/09/14 10:15 p.m., 16 views

CVE-2020-13306

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

CVSS 7.5 | AI score 6.4 | EPSS 0.01828
Exploits: 0 | References: 3

UbuntuCve
added 2020/09/14 10:15 p.m., 25 views

CVE-2020-13306

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

CVSS 7.5 | AI score 7 | EPSS 0.01828
Exploits: 0 | References: 2

Prion
added 2020/09/14 10:15 p.m., 10 views

Design/Logic Flaw

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

CVSS 5 | AI score 7.2 | EPSS 0.01828
Exploits: 0 | References: 3 | Affected software: 1

Cvelist
added 2020/09/14 9:28 p.m., 19 views

CVE-2020-13306

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

CVSS 3.7 | AI score 7.2 | EPSS 0.01828
Exploits: 0 | References: 3

CVE
added 2020/09/14 9:28 p.m., 59 views

CVE-2020-13306

GitLab CVE-2020-13306 affects GitLab versions before 13.1.10, 13.2.8 and 13.3.4, where the Webhook feature could be abused due to lack of rate limiting, enabling denial-of-service. The connected sources consistently describe this vulnerability in the Webhook component and its impact on availabili...

CVSS 7.5 | AI score 7.1 | EPSS 0.01828
Exploits: 0 | References: 3 | Affected software: 1

Debian CVE
added 2020/09/14 9:28 p.m., 21 views

CVE-2020-13306

Removed by vendor...

CVSS 7.5 | AI score 7.1 | EPSS 0.01828
Exploits: 0