CVE-2023-2106
Published 2023-04-15
CVE-2023-2106: Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
Priority P342 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.74% (50.0th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calibreweb | calibreweb | >= 0 < 0.6.20 | 0.6.20 |
| janeczku | calibre-web | < 0.6.20 | 0.6.20 |
| janeczku | janeczku_calibre-web | >= unspecified < 0.6.20 | 0.6.20 |
CVSS provenance
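| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| vendor_redhat | | 3.9 | LOW | |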
OSV
Weak Password Requirements in calibreweb
osv·2023-04-15
CVE-2023-2106 [HIGH] Weak Password Requirements in calibreweb
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
GHSA
Weak Password Requirements in calibreweb
ghsa·2023-04-15
CVE-2023-2106 [HIGH] CWE-521 Weak Password Requirements in calibreweb
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
Red Hat
vim: use after free in win_close()
vendor_redhat·2023-11-16·CVSS 3.9
CVE-2023-48231 [LOW] CWE-416 vim: use after free in win_close()
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.
Statement: Red Hat Product Sec
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e
https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781
Published: 2023-04-15