Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: curl: curl-8.20.0-2.hum1 aarch64, x8664 libcurl-8.20.0-2.hum1 aarch64, x8664 libcurl-devel-8.20.0-2.hum1 aarch64, x8664 libcurl-minimal-8.20.0-2.hum1 aarch64, x8664 curl-8.20.0-2.hum1.src src...

libcurl 7.71.0 < 8.20.0 Cookie Leak via Stale Host Header

The version of libcurl installed on the remote host is 7.71.0 prior to 8.20.0. It is, therefore, affected by a cookie leak vulnerability: - When using the same connection handle for multiple HTTP requests, if a custom Host: header is removed in a subsequent request, the second request would use...

EUVD-2023-12190

Malicious code in bioql PyPI...

SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CVSS...

DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS...

Remote code execution

The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...

CVE-2023-0090 Proofpoint Enterprise Protection webservices unauthenticated RCE

The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...

CVE-2023-0089 Proofpoint Enterprise Protection webutils authenticated RCE

The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...

Proofpoint Enterprise Protection 代码注入漏洞

Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides the ability to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection PPS/POD version 8.20.0 and prior versions. An attacker can exploit this vulnerability to remotely execute code via...

Proofpoint Enterprise Protection 代码注入漏洞

Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A code injection vulnerability exists in Proofpoint Enterprise Protection PPS/POD version 8.20.0 and prior versions. An attacker can exploit this vulnerability to remotely execute...

Atlassian Jira 8.14.x < 8.20.0 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.20.0. It is, therefore, affected by multiple vulnerabilities: - A Insecure Direct Object References IDOR vulnerability which may allow unauthenticated remote attackers to vi...

PT-2023-16005 · Proofpoint · Proofpoint Enterprise Protection

Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection PPS/POD versions 8.20.0 and below Description: The webservices in Proofpoint Enterprise Protection contain a vulnerability that allows an anonymous user to execute remote code through 'eval injection'...

CVE-2021-33009

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system...

CVE-2021-27505

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information...

CVE-2021-33005

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories...

Design/Logic Flaw

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system...

PT-2022-10188 · Myscada · Myscada Mypro

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions prior to 8.20.0 Description: The issue concerns unauthorized read access to sensitive system information due to lack of restrictions. Recommendations: For mySCADA myPRO versions prior to 8.20.0, update to version 8.20.0...

CVE-2021-43987

An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface...

CVE-2021-43981

mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...

CVE-2021-43989

mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes...