289 matches found
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1602-1 Security update for nextcloud
This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
Rate-limits not working on instances without configured memory cache backend
None...
Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images
Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
PT-2021-22745 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE affected versions not specified Description: An attacker with physical access to a user's machine may brute force the user's password via the change password function. Although there is a rate limit in place, the attack can still...
AZL-7253 CVE-2021-37714 affecting package jsoup 1.11.3-3
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
in erudika/scoold
✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...
OPENSUSE-SU-2021:0751-1 Security update for prosody
This update for prosody fixes the following issues: prosody was updated to 0.11.9: Security: modlimits, prosody.cfg.lua: Enable rate limits by default certmanager: Disable renegotiation by default modproxy65: Restrict access to local c2s connections by default util.startup: Set more aggressive...
Security update for prosody (important)
openSUSE Security Update: Security update for prosody Announcement ID: openSUSE-SU-2021:0751-1 Rating: important References: 1186027 Cross-References: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes four...
openSUSE: Security Advisory for prosody (openSUSE-SU-2021:0728-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0728-1 Security update for prosody
This update for prosody fixes the following issues: prosody was updated to 0.11.9: Security: modlimits, prosody.cfg.lua: Enable rate limits by default certmanager: Disable renegotiation by default modproxy65: Restrict access to local c2s connections by default util.startup: Set more aggressive...
Reddit: [dubsmash] Username and password bruteforce
Summary: Due to less complexity of password and no rate limiting attacker can bruteforce user name and password and takeover the victim account Login Page- No rate limits Password length is minimum five character with no variations. Plain password are easy to bruteforce Reset Password page- No ra...
WordPress Limit Login Attempts Reloaded Plugin < 2.17.4 Multiple Vulnerabilities
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2020-35590
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...
Design/Logic Flaw
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...
CVE-2020-35590
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...
The vulnerability of the software for implementing the hypertext environment MediaWiki, related to insecure management of privileges, allows a violator to compromise the integrity of the protected information.
The vulnerability of the software for implementing the hypertext environment MediaWiki is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the protected information by using the argument...