Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-38161PUBLISHED: 2022-08-11The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.
CVE-2022-38150PUBLISHED: 2022-08-11In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
CVE-2022-38155PUBLISHED: 2022-08-11TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
CVE-2022-38129PUBLISHED: 2022-08-10A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.
CVE-2022-38130PUBLISHED: 2022-08-10
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\<at...
User Rank: Apprentice
5/20/2014 | 10:00:51 AM
By comparison, Web development skills are (by comparison) relatively easy to learn. There is a huge number of people who know how to develop Websites. This is why salaries for Web development are likely to decline, while salaries for security specialists are likely to keep rising.