Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31263 PUBLISHED: 2022-05-24
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
CVE-2022-0734 PUBLISHED: 2022-05-24
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could a...
CVE-2022-0910 PUBLISHED: 2022-05-24
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versio...
CVE-2022-29305 PUBLISHED: 2022-05-24
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.
CVE-2022-29309 PUBLISHED: 2022-05-24
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
User Rank: Apprentice
12/2/2011 | 8:01:37 PM
This isn't just an Apple problem, or an HTC Sprint problem. I suspect that all the carriers are using either licensed versions of the CIQ software or software written by or for them by another company that accomplishes the same nastiness.