| purl | pkg:pypi/rdiffweb@2.3.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1fg8-rcx8-77fq Aliases: CVE-2022-3274 GHSA-gmj8-84r4-h46j PYSEC-2022-289 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7. | Affected by 32 other vulnerabilities. |
| VCID-25yw-5nru-aygm Aliases: CVE-2022-4314 GHSA-g594-55mp-f6q8 PYSEC-2022-43002 | Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. | Affected by 11 other vulnerabilities. |
| VCID-287j-23ju-9fhk Aliases: CVE-2022-4720 GHSA-h5wp-jrqc-cwwx PYSEC-2022-43006 | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | Affected by 3 other vulnerabilities. |
| VCID-29xz-5wxu-ybed Aliases: CVE-2022-3298 GHSA-xhw9-4wqq-x67v PYSEC-2022-294 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | Affected by 27 other vulnerabilities. |
| VCID-2n1n-8nzg-xuh3 Aliases: CVE-2025-67796 GHSA-v4gp-hf5j-4566 | IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users. IKUS Rdiffweb versions 2.10.5 and below have an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users' data and, in some cases, perform privileged actions. This issue may enable cross-tenant access. Fixed in version 2.10.6. | Affected by 0 other vulnerabilities. |
| VCID-52wf-fheq-cuer Aliases: CVE-2023-5289 GHSA-c4rv-2j6x-pq7x PYSEC-2023-186 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. | Affected by 1 other vulnerability. |
| VCID-57wc-s2nn-cyeu Aliases: CVE-2022-4646 GHSA-85fp-523q-5xwc PYSEC-2022-43004 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4. | Affected by 9 other vulnerabilities. |
| VCID-5922-k3p7-pfdj Aliases: CVE-2022-3221 GHSA-vq4h-xrwc-m639 PYSEC-2022-278 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. | Affected by 38 other vulnerabilities. |
| VCID-5k13-n5su-sqce Aliases: CVE-2023-4138 GHSA-wwrg-2w5j-grvx | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0. | Affected by 2 other vulnerabilities. |
| VCID-5xg7-u3nr-nkfg Aliases: CVE-2022-3362 GHSA-94qm-99qc-qwqj PYSEC-2022-43000 | Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. | Affected by 12 other vulnerabilities. |
| VCID-6zc1-xs64-1bc6 Aliases: CVE-2022-4724 GHSA-m8r9-qxx8-mrxp PYSEC-2022-43010 | Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. | Affected by 3 other vulnerabilities. |
| VCID-91jt-tgps-27b2 Aliases: CVE-2022-3175 GHSA-ch4c-278q-5654 PYSEC-2022-273 | Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | Affected by 39 other vulnerabilities. |
| VCID-9f5c-ne9b-27fd Aliases: CVE-2022-4018 GHSA-4wph-9vrm-6v3w PYSEC-2022-43001 | Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. | Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 18 other vulnerabilities. |
| VCID-btgq-2yaz-abdd Aliases: CVE-2022-3326 GHSA-8wxf-c45w-g66g PYSEC-2022-297 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | Affected by 25 other vulnerabilities. |
| VCID-dpbu-gy6u-abd3 Aliases: CVE-2022-3272 GHSA-qrj3-hrgj-fm7r PYSEC-2022-291 | Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | Affected by 27 other vulnerabilities. |
| VCID-e351-976k-sqak Aliases: CVE-2022-3179 GHSA-mp5p-g2jv-r8qw PYSEC-2022-272 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | Affected by 39 other vulnerabilities. |
| VCID-ep38-eu98-fbas Aliases: CVE-2022-4721 GHSA-83pm-7v48-5jp4 PYSEC-2022-43007 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. | Affected by 3 other vulnerabilities. |
| VCID-fcym-y8c1-xqdq Aliases: CVE-2022-3457 GHSA-824x-jcxf-hpfg PYSEC-2022-43161 | Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. |
| VCID-fdqn-8pt3-2bfz Aliases: CVE-2022-3371 GHSA-3fhq-72hw-jqwv PYSEC-2022-299 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | Affected by 22 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-ffd3-kujb-f7fq Aliases: CVE-2022-3364 GHSA-fqfg-c577-2vc3 PYSEC-2022-298 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | Affected by 22 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-fxxn-nnzy-97bv Aliases: CVE-2022-3232 GHSA-cw2v-wv4g-w4p6 PYSEC-2022-281 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | Affected by 37 other vulnerabilities. |
| VCID-h6v3-24fq-3udw Aliases: CVE-2022-4723 GHSA-7q4r-x5qg-mmcp PYSEC-2022-43009 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5. | Affected by 3 other vulnerabilities. |
| VCID-jy4h-rrhr-83ah Aliases: CVE-2022-3292 GHSA-7fqm-jm52-f9vc PYSEC-2022-296 | Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. | Affected by 27 other vulnerabilities. Affected by 25 other vulnerabilities. |
| VCID-khum-ewzn-yfe6 Aliases: CVE-2022-3167 GHSA-m379-x4xc-38x9 PYSEC-2022-268 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. | Affected by 42 other vulnerabilities. |
| VCID-mr71-9e9c-zbda Aliases: CVE-2022-3295 GHSA-hrj7-f62f-j7x7 PYSEC-2022-293 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | Affected by 27 other vulnerabilities. |
| VCID-n88y-9qre-n3bz Aliases: CVE-2022-3438 GHSA-8g9m-vv69-7j99 PYSEC-2022-43158 | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. |
| VCID-n9ht-12n5-b7c9 Aliases: CVE-2022-3174 GHSA-mjw4-xvx6-3grg PYSEC-2022-271 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. | Affected by 39 other vulnerabilities. |
| VCID-nbqy-kang-vfau Aliases: CVE-2022-3389 GHSA-hrrm-895h-xh34 PYSEC-2022-302 | Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. | Affected by 22 other vulnerabilities. |
| VCID-nc4e-1muy-1kd7 Aliases: CVE-2022-3301 GHSA-qq29-5vjh-vxwr PYSEC-2022-295 | Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. | Affected by 27 other vulnerabilities. |
| VCID-ps4e-cg34-wyah Aliases: CVE-2022-3363 GHSA-jw36-mrvg-j5fx PYSEC-2022-42978 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. | Affected by 18 other vulnerabilities. Affected by 12 other vulnerabilities. |
| VCID-pva4-gkpj-juh8 Aliases: CVE-2022-3250 GHSA-m748-hjqg-rpp8 PYSEC-2022-287 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. | Affected by 34 other vulnerabilities. |
| VCID-qcsd-5htt-h3ev Aliases: CVE-2022-4722 GHSA-wf33-6x33-wcf9 PYSEC-2022-43008 | Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. | Affected by 3 other vulnerabilities. |
| VCID-rynh-v7q5-6kdg Aliases: CVE-2022-3439 GHSA-x8x2-wc2h-wc48 PYSEC-2022-43159 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | Affected by 12 other vulnerabilities. |
| VCID-sn4z-f439-6qe7 Aliases: CVE-2022-3376 GHSA-7wr6-fj4x-893v PYSEC-2022-43157 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | Affected by 19 other vulnerabilities. Affected by 12 other vulnerabilities. |
| VCID-t1sj-158f-efey Aliases: CVE-2022-3269 GHSA-j3q4-gmj4-mj95 PYSEC-2022-290 | Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. | Affected by 32 other vulnerabilities. |
| VCID-tjr6-1mzd-93ee Aliases: CVE-2022-3233 GHSA-9vxf-mcm6-5m42 PYSEC-2022-285 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. | Affected by 34 other vulnerabilities. |
| VCID-tv4c-g8r6-xbf6 Aliases: CVE-2022-4644 GHSA-639f-hxcv-84mc PYSEC-2022-43003 | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. | Affected by 9 other vulnerabilities. |
| VCID-vmrb-sm2h-hqf1 Aliases: CVE-2022-3290 GHSA-5v95-j4rr-6f3c PYSEC-2022-292 PYSEC-2022-43184 | Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | Affected by 27 other vulnerabilities. |
| VCID-wyn5-w4qh-nfht Aliases: CVE-2022-4719 GHSA-2wpw-cm9w-v4xm PYSEC-2022-43005 | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. | Affected by 3 other vulnerabilities. |
| VCID-yssm-eyx3-efhs Aliases: CVE-2022-3456 GHSA-92gf-p376-6r9r PYSEC-2022-43160 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | Affected by 12 other vulnerabilities. |
| VCID-yz9x-nz9u-wybe Aliases: CVE-2022-3327 GHSA-99j5-fvg3-54pm PYSEC-2022-42977 | Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. | Affected by 22 other vulnerabilities. Affected by 12 other vulnerabilities. |
| VCID-z43n-dk6v-pffh Aliases: CVE-2022-3267 GHSA-74j6-3hh4-w3f5 PYSEC-2022-284 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. | Affected by 34 other vulnerabilities. |
| VCID-zzjz-9wv2-vfcc Aliases: CVE-2022-3273 GHSA-9g3v-v24q-jj5p PYSEC-2022-43156 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | Affected by 19 other vulnerabilities. Affected by 12 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |