Lucene search
+L

289 matches found

OpenVAS
OpenVAS
added 2022/02/08 12:0 a.m.22 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7.2AI score0.01727EPSS
Exploits0References2
OSV
OSV
added 2021/12/20 10:28 a.m.9 views

OPENSUSE-SU-2021:1602-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...

8.8CVSS7AI score0.01727EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/12/15 7:8 p.m.3 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.7AI score0.06873EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/15 2:52 p.m.4 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.7AI score0.06873EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/15 5:18 p.m.5 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.7AI score0.06873EPSS
Exploits0References5
Nextcloud
Nextcloud
added 2021/10/25 11:48 a.m.60 views

Rate-limits not working on instances without configured memory cache backend

None...

8.1CVSS7.8AI score0.015EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2021/10/14 7:53 a.m.95 views

Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images

Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

7.7CVSS6.9AI score0.53461EPSS
Exploits12References4
Positive Technologies
Positive Technologies
added 2021/10/04 12:0 a.m.2 views

PT-2021-22745 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE affected versions not specified Description: An attacker with physical access to a user's machine may brute force the user's password via the change password function. Although there is a rate limit in place, the attack can still...

4.2CVSS4AI score0.00249EPSS
Exploits0References11
OSV
OSV
added 2021/08/18 3:15 p.m.8 views

AZL-7253 CVE-2021-37714 affecting package jsoup 1.11.3-3

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.6AI score0.06873EPSS
Exploits0References1
Huntr
Huntr
added 2021/07/30 11:7 a.m.10 views

in erudika/scoold

✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...

2AI score
Exploits0
OSV
OSV
added 2021/05/18 4:4 a.m.7 views

OPENSUSE-SU-2021:0751-1 Security update for prosody

This update for prosody fixes the following issues: prosody was updated to 0.11.9: Security: modlimits, prosody.cfg.lua: Enable rate limits by default certmanager: Disable renegotiation by default modproxy65: Restrict access to local c2s connections by default util.startup: Set more aggressive...

7.8CVSS6.8AI score0.02261EPSS
Exploits0References6
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/18 12:0 a.m.41 views

Security update for prosody (important)

openSUSE Security Update: Security update for prosody Announcement ID: openSUSE-SU-2021:0751-1 Rating: important References: 1186027 Cross-References: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes four...

7.8CVSS6.8AI score0.02261EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/05/15 12:0 a.m.27 views

openSUSE: Security Advisory for prosody (openSUSE-SU-2021:0728-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS6.4AI score0.02261EPSS
Exploits0References2
OSV
OSV
added 2021/05/14 9:17 p.m.7 views

OPENSUSE-SU-2021:0728-1 Security update for prosody

This update for prosody fixes the following issues: prosody was updated to 0.11.9: Security: modlimits, prosody.cfg.lua: Enable rate limits by default certmanager: Disable renegotiation by default modproxy65: Restrict access to local c2s connections by default util.startup: Set more aggressive...

7.8CVSS6.8AI score0.02261EPSS
Exploits0References6
Hacker One
Hacker One
added 2021/04/14 8:4 p.m.24 views

Reddit: [dubsmash] Username and password bruteforce

Summary: Due to less complexity of password and no rate limiting attacker can bruteforce user name and password and takeover the victim account Login Page- No rate limits Password length is minimum five character with no variations. Plain password are easy to bruteforce Reset Password page- No ra...

0.8AI score
Exploits0
OpenVAS
OpenVAS
added 2020/12/23 12:0 a.m.27 views

WordPress Limit Login Attempts Reloaded Plugin < 2.17.4 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

9.8CVSS6.9AI score0.04348EPSS
Exploits3References1
NVD
NVD
added 2020/12/21 7:15 a.m.24 views

CVE-2020-35590

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...

9.8CVSS9.5AI score0.04348EPSS
Exploits1References2
Prion
Prion
added 2020/12/21 7:15 a.m.13 views

Design/Logic Flaw

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...

5CVSS9.4AI score0.04348EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/12/21 6:3 a.m.26 views

CVE-2020-35590

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...

9.5AI score0.04348EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/11/02 12:0 a.m.6 views

The vulnerability of the software for implementing the hypertext environment MediaWiki, related to insecure management of privileges, allows a violator to compromise the integrity of the protected information.

The vulnerability of the software for implementing the hypertext environment MediaWiki is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the protected information by using the argument...

4.3CVSS6.1AI score0.0153EPSS
Exploits0References6Affected Software3
Rows per page
Query Builder