Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36659PUBLISHED: 2023-01-27
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 ...
CVE-2020-36658PUBLISHED: 2023-01-27In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
CVE-2023-24060PUBLISHED: 2023-01-27
Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage b...
CVE-2023-22740PUBLISHED: 2023-01-27
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the...
CVE-2023-0519PUBLISHED: 2023-01-26Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
User Rank: Ninja
7/15/2021 | 1:36:19 PM
This says it all, instead of supporting the employee for finding issues in their application, he/she was fired for bringing this obvious gaping hole to their attention and now others are paying for their oversight. Where is GDPR or FTC when you need it? Are we going to get a free credit reporting or monitoring session for a year, there should be something said about this and the company should pay for the money lost, where is the accountability?
Todd