CVE-2023-2106 – Weak Password Requirements in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2023-2106
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. • https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781 • CWE-521: Weak Password Requirements •
CVE-2022-2525 – Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web
https://notcve.org/view.php?id=CVE-2022-2525
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. • https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2022-30765
https://notcve.org/view.php?id=CVE-2022-30765
Calibre-Web before 0.6.18 allows user table SQL Injection. Calibre-Web versiones anteriores a 0.6.18, permite una inyección SQL en la tabla de usuario • https://github.com/janeczku/calibre-web/blob/master/SECURITY.md https://github.com/janeczku/calibre-web/releases/tag/0.6.18 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •