Lucene search
K
Ikus-softRdiffweb

42 matches found

cve
cve
added 2023/09/29 1:59 p.m.113 views

CVE-2023-5289

CVE-2023-5289 affects the rdiffweb project from ikus060, specifically versions prior to 2.8.4. The root issue is Allocation of Resources Without Limits or Throttling, leading to potential resource exhaustion. The known remediation is to upgrade to version 2.8.4 or later. Exploitation details are ...

8.8CVSS7.8AI score0.00646EPSS
cve
cve
added 2022/09/15 8:45 a.m.93 views

CVE-2022-3221

CVE-2022-3221 affects ikus060/rdiffweb prior to version 2.4.3, where a CSRF flaw in the profile SSH keys flow can enable unauthorized access. The issue arises from accepting a GET request during SSH-key operations, leading to key addition without proper user interaction. The vulnerability is miti...

8.8CVSS8.8AI score0.00622EPSS
cve
cve
added 2022/09/22 6:15 p.m.93 views

CVE-2022-3274

CVE-2022-3274 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the rdiffweb project (GitHub: ikus060/rdiffweb) prior to version 2.4.7. Multiple connected sources describe CSRF exposure that can allow an attacker to change a user's email address/settings. The confirmed remediation is...

7CVSS4.3AI score0.00375EPSS
cve
cve
added 2022/09/13 4:35 p.m.91 views

CVE-2022-3179

CVE-2022-3179 concerns weak password requirements in the rdiffweb project (ikus060/rdiffweb) prior to version 2.4.2. The issue is described across multiple sources as the software lacking a proper password policy, which could permit weak or easily guessable passwords and enable brute-force-style ...

8.8CVSS7.6AI score0.00785EPSS
cve
cve
added 2022/09/17 7:40 p.m.88 views

CVE-2022-3232

The CVE-2022-3232 entry concerns a CSRF vulnerability in the GitHub repository ikus060/rdiffweb, affecting versions prior to 2.4.5. The cited advisories describe that an attacker could exploit this CSRF in the admin area to delete repositories and users. Relevant details indicate the affected sof...

6.5CVSS4.8AI score0.00331EPSS
cve
cve
added 2022/09/26 4:50 p.m.87 views

CVE-2022-3272

CVE-2022-3272 concerns rdiffweb prior to 2.4.8. The root cause is improper handling of a length parameter in email input (no validation beyond long strings), enabling a denial-of-service condition. Affected software is the rdiffweb web application; the vulnerability is evidenced by multiple sourc...

7.5CVSS6.2AI score0.01429EPSS
cve
cve
added 2022/09/28 8:15 p.m.86 views

CVE-2022-3292

The CVE CVE-2022-3292 affects rdiffweb prior to 2.4.8, caused by improper cache control that allows a cache containing sensitive information to be exposed. This is an information disclosure vulnerability in the web application, with impact on confidentiality and no listed exploit details in the p...

4.6CVSS4.5AI score0.00507EPSS
cve
cve
added 2022/10/06 12:0 a.m.86 views

CVE-2022-3389

The CVE-2022-3389 entry concerns the Rdiffweb project (ikus060/rdiffweb). Affected version: prior to 2.4.10, with a Path Traversal vulnerability in the file/path handling. The issue is documented as a vulnerability in path traversal (no exploitation details provided in the connected sources). Mit...

8.2CVSS7.6AI score0.00997EPSS
cve
cve
added 2022/11/14 12:0 a.m.85 views

CVE-2022-3362

CVE-2022-3362 affects ikus060/rdiffweb prior to 2.5.0, due to insufficient session expiration. This is documented as a high-severity issue (CVE base score 9.8, critical) with network access required and no user interaction. The vulnerability arises from inadequate session expiration handling in t...

9.8CVSS7.8AI score0.00876EPSS
cve
cve
added 2022/11/16 12:0 a.m.85 views

CVE-2022-4018

CVE-2022-4018 affects the GitHub repository ikus060/rdiffweb, with versions prior to 2.5.0a6 vulnerable due to a missing authentication mechanism for a critical function. Multiple sources (GHSA, OSV, NVD, CVE lists, PT security advisories) corroborate the issue and reference an access-control fai...

6.1CVSS4.8AI score0.00809EPSS
cve
cve
added 2022/09/29 8:45 p.m.84 views

CVE-2022-3364

CVE-2022-3364 affects ikus060/rdiffweb before 2.5.0a3. The issue is an unlimited length of the Fullname parameter, enabling resource exhaustion and potential memory corruption that can lead to a Denial of Service. Root cause: no enforcement of a maximum length for Fullname; impact described as Do...

7.5CVSS6.2AI score0.01004EPSS
cve
cve
added 2022/09/26 11:10 a.m.81 views

CVE-2022-3301

CVE-2022-3301 affects rdiffweb prior to version 2.4.8. The root cause is improper cleanup on a thrown exception in the application, which can allow an attacker to influence the content displayed to users (e.g., displaying a message of their choice or injecting misleading data into a page). Refere...

4.3CVSS3.8AI score0.00553EPSS
cve
cve
added 2022/09/08 6:35 p.m.80 views

CVE-2022-3167

The vulnerability described for CVE-2022-3167 affects the rdiffweb project, with versions prior to 2.4.1 affected. The root cause is an improper restriction of rendered UI layers or frames, enabling clickjacking attacks. This can trick users into performing actions (e.g., entering passwords, liki...

10CVSS8.7AI score0.00968EPSS
cve
cve
added 2022/10/26 12:0 a.m.80 views

CVE-2022-3363

CVE-2022-3363 affects rdiffweb prior to 2.5.0a7. The issue is described as business logic errors in the GitHub repository ikus060/rdiffweb. Practical impact is reflected by the high base scores in the CVSS vectors (critical in NVD). Affected component: rdiffweb software; root cause: business logi...

9.8CVSS6.4AI score0.0075EPSS
cve
cve
added 2022/12/23 12:0 a.m.78 views

CVE-2022-4722

CVE-2022-4722 affects rdiffweb (ikus060/rdiffweb) prior to version 2.5.5. The root cause is a non-unique username field that breaks primary-key logic, enabling an authentication bypass and potential unauthorized access. The issue is documented in multiple sources (GHSA, OSV) and is confirmed with...

7.2CVSS6.9AI score0.0113EPSS
cve
cve
added 2022/09/21 4:55 p.m.77 views

CVE-2022-3250

CVE-2022-3250 affects the rdiffweb project (GitHub ikus060/rdiffweb) prior to version 2.4.6. The root issue is a session cookie (session_id) that is not marked with the Secure attribute when the URL is invalid, exposing the cookie over non-secure channels. Several sources confirm the vulnerabilit...

5.3CVSS5.1AI score0.00396EPSS
cve
cve
added 2022/10/19 12:0 a.m.77 views

CVE-2022-3327

CVE-2022-3327 affects rdiffweb (GitHub: ikus060/rdiffweb) with a missing authentication flaw in a critical function prior to version 2.5.0a6. The issue stems from insufficient access controls on a function that should require authentication, enabling potential unauthorized access or actions. Publ...

9.8CVSS6.9AI score0.00749EPSS
cve
cve
added 2022/12/23 12:0 a.m.77 views

CVE-2022-4721

CVE-2022-4721 affects the rdiffweb project (ikus060/rdiffweb). The issue is a lack of sanitization of characters in SSH key names, enabling special-element injection (a hyperlink injection) that could redirect victims to malicious sites. Affected versions are prior to 2.5.5. Exploitation details ...

6.6CVSS5.5AI score0.00485EPSS
cve
cve
added 2022/09/21 7:40 p.m.76 views

CVE-2022-3233

CVE-2022-3233 describes a Cross-Site Request Forgery (CSRF) vulnerability in the GitHub repository ikus060/rdiffweb, affecting versions prior to 2.4.6. The issue enables CSRF due to insufficient request validation, potentially allowing an attacker to trigger actions such as disabling user notific...

4.3CVSS4.6AI score0.00316EPSS
cve
cve
added 2022/12/06 12:0 a.m.75 views

CVE-2022-4314

CVE-2022-4314 concerns the GitHub repository ikus060/rdiffweb, where an issue with improper privilege management allowed unauthorized access to settings updates, logs, history, and deletion features in versions prior to 2.5.2. The connected sources confirm affected software and the root cause, wi...

9.8CVSS7.7AI score0.00789EPSS
cve
cve
added 2022/12/23 12:0 a.m.75 views

CVE-2022-4724

The CVE-2022-4724 entry concerns the rdiffweb project by ikus060 and stems from improper access control in versions prior to 2.5.5. The NVD entry lists a base CVSSv3.1 score of 9.8 (CRITICAL) with NETWORK attack vector and high impact on confidentiality, integrity, and availability; CNA/other sou...

9.8CVSS9.2AI score0.00827EPSS
cve
cve
added 2022/12/22 12:0 a.m.74 views

CVE-2022-4646

The CVE concerns rdiffweb (GitHub: ikus060/rdiffweb) prior to version 2.5.4. The vulnerability is a Cross-Site Request Forgery (CSRF) in the web application, enabling unintended actions on a user’s account. The root cause is CSRF in the vulnerable web interface; no exploit details are provided in...

6.5CVSS5.8AI score0.00313EPSS
cve
cve
added 2022/09/26 10:0 p.m.73 views

CVE-2022-3298

CVE-2022-3298 refers to a resource allocation vulnerability in the rdiffweb project by ikus060, where prior to version 2.4.8 an unlimited-length title field (used when adding an SSH key) can cause excessive memory usage and lead to a Denial of Service. Multiple sources corroborate the issue, with...

7.5CVSS6.2AI score0.00951EPSS
cve
cve
added 2022/12/23 12:0 a.m.73 views

CVE-2022-4719

CVE-2022-4719 concerns RDiffWeb (GitHub: ikus060/rdiffweb) with Business Logic Errors in versions prior to 2.5.5 . The connected materials consistently identify the issue type as business logic, affecting pre-2.5.5 builds. A remediation is to upgrade to version 2.5.5 or later . The sources do not...

9.8CVSS7.4AI score0.00967EPSS
cve
cve
added 2022/10/10 12:0 a.m.72 views

CVE-2022-3438

CVE-2022-3438 concerns an open redirect in the GitHub repo ikus060/rdiffweb, affected before version 2.5.0a4. The vulnerability stems from inadequate input handling/validation enabling redirect to arbitrary URLs when used for invitations, links, or navigation. Impact is described as open redirect...

6.1CVSS5.8AI score0.00492EPSS
cve
cve
added 2022/09/26 12:20 p.m.71 views

CVE-2022-3295

CVE-2022-3295 affects the rdiffweb project (rdiffweb, prior to 2.4.8). The root cause is unlimited length for root directory names, allowing a crafted long string to trigger a denial of service. Impact is a DoS condition with potential memory issues; no data confidentiality or integrity impact is...

7.5CVSS6.2AI score0.00943EPSS
cve
cve
added 2022/10/13 12:0 a.m.71 views

CVE-2022-3456

CVE-2022-3456 affects the rdiffweb project (ikus060/rdiffweb) prior to version 2.5.0. The root cause is Allocation of Resources Without Limits or Throttling, potentially enabling resource exhaustion and affecting availability. NVD metrics yield a CRITICAL base score (CVSS 3.1: 9.8, network attack...

9.8CVSS7.4AI score0.00345EPSS
cve
cve
added 2022/12/23 12:0 a.m.71 views

CVE-2022-4723

rdiffweb (ikus060/rdiffweb) prior to version 2.5.5 is affected by an absence of rate limiting on the resend email feature when enabling or disabling 2FA via the /prefs/mfa endpoint. This can allow resource allocation without limits, as described across multiple sources. Affected component is the ...

6.5CVSS6.3AI score0.00632EPSS
cve
cve
added 2022/09/28 11:45 p.m.70 views

CVE-2022-3326

Summary: CVE-2022-3326 affects the rdiffweb project (ikus060/rdiffweb) prior to version 2.4.9. The root cause is weak password requirements due to insufficient validation of password entropy, which allows bypassing the intended password complexity policy that requires 8–128 characters. The result...

5.4CVSS4.6AI score0.00566EPSS
cve
cve
added 2022/09/30 1:15 p.m.70 views

CVE-2022-3371

CVE-2022-3371 affects rdiffweb prior to 2.5.0a3. The vulnerability stems from unbounded Token name length, allowing Allocation of Resources Without Limits or Throttling, leading to DoS or memory corruption. The issue is fixed in version 2.5.0a3. If upgrading is not possible, a temporary mitigatio...

7.5CVSS7.5AI score0.01012EPSS
cve
cve
added 2022/09/22 9:20 a.m.69 views

CVE-2022-3267

CVE-2022-3267 affects the rdiffweb project (ikus060/rdiffweb), with a Cross-Site Request Forgery (CSRF) in repository settings prior to version 2.4.6. The vulnerability could allow an attacker to modify repository settings when a victim is authenticated, as indicated by multiple sources in the co...

6.8CVSS4.8AI score0.00319EPSS
cve
cve
added 2022/10/13 12:0 a.m.69 views

CVE-2022-3457

CVE-2022-3457 documents an Origin Validation Error in the rdiffweb project by ikus060, prior to version 2.5.0a5. The issue arises from improper origin validation in web traffic, enabling an access-control-related vulnerability. Public references in GHSA and OSV entries corroborate the same adviso...

9.8CVSS6.7AI score0.00317EPSS
cve
cve
added 2022/12/22 12:0 a.m.67 views

CVE-2022-4644

CVE-2022-4644 affects the rdiffweb project in the GitHub repository ikus060/rdiffweb, specifically versions prior to 2.5.4. The issue is an Open Redirect vulnerability caused by an input/redirection handling weakness. Impact stated in sources is consistent with an Open Redirect; no exploitation d...

6.1CVSS5.9AI score0.00599EPSS
cve
cve
added 2022/09/13 9:20 a.m.66 views

CVE-2022-3174

CVE-2022-3174 affects rdiffweb prior to 2.4.2, where cookies are transmitted over HTTPS without the Secure attribute, exposing confidentiality. The issue impacts the GitHub repo ikus060/rdiffweb; CVSS v3.1/3.0 base score 7.5 (HIGH) with network attacker, no user interaction. Affected component: s...

7.5CVSS6.2AI score0.00556EPSS
cve
cve
added 2022/12/23 12:0 a.m.66 views

CVE-2022-4720

Open Redirect vulnerability CVE-2022-4720 affects the rdiffweb project (GitHub: ikus060/rdiffweb) prior to version 2.5.5. Root cause details are not explicitly provided in the initial document beyond the classification as an Open Redirect. Impact and exploitation specifics are not enumerated in t...

6.1CVSS6.2AI score0.00481EPSS
cve
cve
added 2022/10/06 12:0 a.m.65 views

CVE-2022-3273

CVE-2022-3273 affects the GitHub repository ikus060/rdiffweb, specifically versions prior to 2.5.0a4. The root cause is an allocation of resources without limits or throttling. The vulnerability can lead to resource exhaustion, affecting availability and potentially exposing or degrading service ...

9.8CVSS6.5AI score0.00441EPSS
cve
cve
added 2022/09/26 7:0 p.m.64 views

CVE-2022-3290

CVE-2022-3290 affects the rdiffweb project (ikis060/rdiffweb) prior to 2.4.8, where the root cause is improper handling/validation of the length parameter for the username field. This can be exploited to trigger a Denial of Service due to excessive memory use, with the DoS condition explicitly do...

7.5CVSS6.4AI score0.00721EPSS
cve
cve
added 2022/10/14 12:0 a.m.64 views

CVE-2022-3439

CVE-2022-3439 affects rdiffweb in the GitHub repository ikus060/rdiffweb prior to version 2.5.0. The root cause is allocation of resources without limits or throttling, which can impact availability and also affect confidentiality and integrity as indicated by CVSS 3.1/3.0 assessments (high impac...

9.8CVSS6.9AI score0.00598EPSS
cve
cve
added 2022/09/13 9:20 a.m.63 views

CVE-2022-3175

CVE-2022-3175 affects the rdiffweb project in the GitHub repository ikus060/rdiffweb prior to version 2.4.2. The vulnerability is a missing custom error page which leads to leakage of error information. The issue is resolved in version 2.4.2. Mitigation: upgrade to 2.4.2 or later. Exploitation de...

5.3CVSS5.2AI score0.00684EPSS
cve
cve
added 2022/09/23 9:20 a.m.63 views

CVE-2022-3269

CVE-2022-3269 affects the rdiffweb web application (itas ikus060/rdiffweb) prior to version 2.4.7. The root cause is failure to invalidate session cookies on logout, enabling session fixation where an attacker can reuse a valid cookie to access a user account after login/logout sequences. Impact ...

9.8CVSS7.8AI score0.00727EPSS
cve
cve
added 2022/10/06 12:0 a.m.58 views

CVE-2022-3376

CVE-2022-3376 affects rdiffweb (ikus060/rdiffweb) prior to version 2.5.0a4. The reported issue is weak password requirements that allow a new password to be the same as the old one during password reset. According to multiple sources (GHSA/OSV/PYSEC and NVD entries), this is mitigated in 2.5.0a4 ...

5.3CVSS4.5AI score0.00672EPSS
cve
cve
added 2023/08/03 1:41 p.m.54 views

CVE-2023-4138

Summary: CVE-2023-4138 affects the GitHub-hosted project ikus060/rdiffweb, prior to version 2.8.0. The root cause is allocation of resources without limits or throttling, enabling potential abuse. What’s affected: Rdiffweb, specifically components handling report/notification logic that can be ex...

6.5CVSS5.3AI score0.00405EPSS