Skip to main content

Fail2Ban

5 CVEs product

Monthly

CVE-2021-32749 HIGH POC PATCH This Week

fail2ban is a daemon to ban hosts that cause multiple authentication errors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Command Injection Fail2Ban Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
3.6%
CVE-2013-7177 MEDIUM POC PATCH This Month

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fail2Ban
NVD GitHub
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-7176 MEDIUM POC PATCH This Month

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fail2Ban
NVD GitHub
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-2178 MEDIUM This Month

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Fail2Ban
NVD GitHub
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-5642 HIGH PATCH This Week

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fail2Ban
NVD GitHub
CVSS 2.0
7.5
EPSS
1.6%
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

fail2ban is a daemon to ban hosts that cause multiple authentication errors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Command Injection Fail2Ban +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fail2Ban
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fail2Ban
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Fail2Ban
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fail2Ban
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy