Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-25936PUBLISHED: 2023-01-30Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.
CVE-2022-25967PUBLISHED: 2023-01-30Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.
CVE-2023-24622PUBLISHED: 2023-01-30isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.
CVE-2023-24623PUBLISHED: 2023-01-30Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.
CVE-2022-48303PUBLISHED: 2023-01-30
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace c...
User Rank: Ninja
8/31/2016 | 11:42:40 AM
I think this and the prestige are the biggest hits when it comes to downtime. If your cistimers need your support to provide service to their customers, no customer would be on your site if not up 100% of the time any more.