π΄ How MOVEit Is Likely to Shift Cyber Insurance Calculus π΄
π Read
via "Dark Reading".
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.π Read
via "Dark Reading".
Dark Reading
How MOVEit Is Likely to Shift Cyber Insurance Calculus
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.
βΌ CVE-2023-4257 βΌ
π Read
via "National Vulnerability Database".
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45853 βΌ
π Read
via "National Vulnerability Database".
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30148 βΌ
π Read
via "National Vulnerability Database".
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45674 βΌ
π Read
via "National Vulnerability Database".
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30154 βΌ
π Read
via "National Vulnerability Database".
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45852 βΌ
π Read
via "National Vulnerability Database".
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45348 βΌ
π Read
via "National Vulnerability Database".
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default.It is recommended to upgrade to a version that is not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5578 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PortΓΒ‘bilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input ");'> <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42792 βΌ
π Read
via "National Vulnerability Database".
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42663 βΌ
π Read
via "National Vulnerability Database".
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42780 βΌ
π Read
via "National Vulnerability Database".
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33161 βΌ
π Read
via "National Vulnerability Database".
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5582 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32755 βΌ
π Read
via "National Vulnerability Database".
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33165 βΌ
π Read
via "National Vulnerability Database".
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45871 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5585 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40378 βΌ
π Read
via "National Vulnerability Database".
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5586 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25091 βΌ
π Read
via "National Vulnerability Database".
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).π Read
via "National Vulnerability Database".