[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-7667: add additional note on rate-limiting login attempts
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 19 18:20:50 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9297527 by Salvatore Bonaccorso at 2018-03-19T19:20:05+01:00
CVE-2018-7667: add additional note on rate-limiting login attempts
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2554,6 +2554,9 @@ CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
NOTE: https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
NOTE: adminer 4.4.0 disallows connecting to privileged ports, and thus not "enumerating"
NOTE: services on (another) host for ports < 1024.
+ NOTE: Additionally 4.4.0 rate-limits password-less login attempts from the same
+ NOTE: IP address:
+ NOTE: https://github.com/vrana/adminer/commit/0e5df34ea87ad34c1bc0ceac162eb86175d611a3
CVE-2018-7666 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL ...)
NOT-FOR-US: ClipBucket
CVE-2018-7665 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. A ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c92975279c5ea6ca8f6913b95968847b3c6288e5
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c92975279c5ea6ca8f6913b95968847b3c6288e5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180319/af418e9a/attachment.html>
More information about the Secure-testing-commits
mailing list