Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-16 | CVE-2023-35708 | SQL Injection vulnerability in Progress Moveit Transfer In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. | 9.8 |
| 2023-06-12 | CVE-2023-35036 | SQL Injection vulnerability in Progress Moveit Transfer In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. | 9.1 |
| 2023-06-09 | CVE-2023-34363 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. | 5.9 |
| 2023-06-09 | CVE-2023-34364 | Out-of-bounds Write vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. | 9.8 |
| 2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8 |
| 2023-04-21 | CVE-2023-26100 | Cross-site Scripting vulnerability in Progress Flowmon OS In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. | 6.1 |
| 2023-04-21 | CVE-2023-26101 | Path Traversal vulnerability in Progress Flowmon Packet Investigator 12.0.1 In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | 7.5 |
| 2023-04-10 | CVE-2023-29375 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. | 9.8 |
| 2023-04-10 | CVE-2023-29376 | Cross-site Scripting vulnerability in Progress Sitefinity An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. | 5.4 |
| 2023-04-03 | CVE-2022-27665 | Cross-site Scripting vulnerability in Progress WS FTP Server 8.6.0 Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. | 6.1 |