Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2287PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-34911PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...
CVE-2022-34912PUBLISHED: 2022-07-02An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
CVE-2022-34913PUBLISHED: 2022-07-02** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input.
CVE-2022-2286PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
User Rank: Strategist
5/8/2014 | 9:33:04 PM
Bob, your points about entrepreneurs needing to find the right investors is spot on, and I heard it from all of the startup companies I spoke to. While that advice was important -- we do have some entrepreneurs among our readership -- the thing I found fascinating is how much interaction there is between venture capitalists and security executives (our primary readers here at Dark Reading). I was frankly amazed at how well informed the top security VCs are -- not just about emerging technologies, but about the *problems* that enterprises face. Clearly, you do a lot of talking with security professionals.
I am wondering, and maybe you could comment directly -- how does an enterprise security pro get in touch with smart VC experts like yourself? Can they just call you up? Do you have reports that they can read? How can they get a dialog going with VCs who might be able to give them tips on the next wave of security technology?