Latest version: v2.9.5
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2023-5289 | 63072 | Rdiffweb 2.8.4 includes a fix for CVE-2023-5289: Allocation of Resour… | | HIGH | 8.8 |
CVE-2023-4138 | 65256 | Allocation of Resources Without Limits or Throttling in GitHub reposi… | | MEDIUM | 6.5 |
PVE-2023-99950 | 60912 | Rdiffweb 2.5.0a2 includes a fix for an open redirect vulnerability: T… | | - | - |
PVE-2023-99951 | 60911 | Rdiffweb prior to version 2.4.4 is vulnerable to potential brute-forc… | | - | - |
PVE-2023-99952 | 60910 | Rdiffweb versions prior to 2.3.7 are vulnerable to Cross-Site Request… | | - | - |
CVE-2022-4722 | 54632 | Authentication Bypass by Primary Weakness in GitHub repository ikus06… | | HIGH | 7.2 |
CVE-2022-4724 | 54639 | Improper Access Control in GitHub repository ikus060/rdiffweb prior t… | | CRITICAL | 9.8 |
CVE-2022-4723 | 54631 | rdiffweb prior to 2.5.5 has no rate limit on the "resend email featur… | | MEDIUM | 6.5 |
CVE-2022-4720 | 54634 | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | | MEDIUM | 6.1 |
CVE-2022-4721 | 54633 | In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH… | | MEDIUM | 5.4 |
CVE-2022-4719 | 54635 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to … | | CRITICAL | 9.8 |
CVE-2022-4646 | 54603 | rdiffweb prior to version 2.5.4 is vulnerable to Cross-Site Request F… | | MEDIUM | 6.5 |
CVE-2022-4644 | 54604 | rdiffweb prior to version 2.5.4 has an Open Redirect vulnerability. | | MEDIUM | 6.1 |
CVE-2022-4314 | 54580 | Unauthorized access to settings update, logs, history, delete etc in… | | CRITICAL | 9.8 |
CVE-2022-3363 | 54565 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to … | | CRITICAL | 9.8 |
CVE-2022-4018 | 54585 | Missing Authentication for Critical Function in GitHub repository iku… | | MEDIUM | 4.3 |
CVE-2022-3457 | 54519 | ikus060/rdiffweb prior to 2.5.0a5 did not enforce origin validation i… | | CRITICAL | 9.8 |
CVE-2022-3438 | 54511 | A lack of user input validation leads to an open redirect vulnerabili… | | MEDIUM | 6.1 |
CVE-2022-3371 | 54498 | rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Wi… | | HIGH | 7.5 |
CVE-2022-3364 | 54496 | rdiffweb prior to 2.5.0a3 does not validate email length, allowing us… | | HIGH | 7.5 |
CVE-2022-3456 | 54520 | Allocation of Resources Without Limits or Throttling in GitHub reposi… | | CRITICAL | 9.8 |
CVE-2022-3362 | 54584 | Insufficient Session Expiration in GitHub repository ikus060/rdiffweb… | | CRITICAL | 9.8 |
CVE-2022-3376 | 54507 | rdiffweb prior to 2.5.0a4 allows users to set their new password to b… | | MEDIUM | 5.3 |
CVE-2022-3327 | 54572 | Missing Authentication for Critical Function in GitHub repository iku… | | CRITICAL | 9.8 |
CVE-2022-3273 | 54506 | rdiffweb prior to 2.5.0a4 does not have a rate limit to prevent attac… | | CRITICAL | 9.8 |
CVE-2022-3439 | 54521 | Allocation of Resources Without Limits or Throttling in GitHub reposi… | | CRITICAL | 9.8 |
CVE-2022-3292 | 54487 | rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Contain… | | MEDIUM | 4.6 |
CVE-2022-3326 | 54489 | ikus060/rdiffweb prior to 2.4.9 allows a user to set their password t… | | MEDIUM | 4.3 |
CVE-2022-3295 | 54477 | rdiffweb prior to 2.4.8 has no limit in length of root directory name… | | HIGH | 7.5 |
CVE-2022-3298 | 54485 | rdiffweb prior to 2.4.8 is vulnerable to a potential DoS attack via a… | | HIGH | 7.5 |
CVE-2022-3301 | 54475 | rdiffweb prior to version 2.4.8 is vulnerable to Improper Cleanup on … | | LOW | 2.4 |
CVE-2022-3272 | 54483 | rdiffweb prior to 2.4.8 does not validate email length, allowing user… | | HIGH | 7.5 |
CVE-2022-3290 | 54481 | rdiffweb prior to 2.4.8 is vulnerable to a potential DoS attack via a… | | HIGH | 7.5 |
CVE-2022-3269 | 54555 | Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. | | CRITICAL | 9.8 |
CVE-2022-3274 | 54479 | rdiffweb prior to version 2.4.7 is vulnerable to Cross-Site Request F… | | LOW | 3.5 |
CVE-2022-3267 | 54494 | rdiffweb prior to 2.4.6 is vulnerable to cross-site request forgery o… | | MEDIUM | 4.3 |
CVE-2022-3233 | 54552 | rdiffweb prior to 2.4.6 is vulnerable to Cross-Site Request Forgery (… | | MEDIUM | 4.3 |
CVE-2022-3250 | 54491 | In rdiffweb prior to version 2.4.6, the `cookie` session_id does not … | | MEDIUM | 5.3 |
CVE-2022-3232 | 54544 | rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (… | | MEDIUM | 4.3 |
CVE-2022-3221 | 54473 | rdiffweb prior to 2.4.3 is vulnerable to Cross-Site Request Forgery (… | | HIGH | 8.8 |
CVE-2022-3175 | 54515 | Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior… | | MEDIUM | 5.3 |
CVE-2022-3179 | 54517 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prio… | | HIGH | 8.8 |
CVE-2022-3174 | 54513 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHu… | | HIGH | 7.5 |
CVE-2022-3389 | 54504 | rdiffweb prior to 2.4.10 is vulnerable to Path Traversal. Version 2.4… | | HIGH | 7.5 |
CVE-2022-3167 | 54530 | Improper Restriction of Rendered UI Layers or Frames in GitHub reposi… | | HIGH | 8.8 |