Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43440 PUBLISHED: 2023-02-09
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
CVE-2023-25168 PUBLISHED: 2023-02-09
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an exis...
CVE-2023-0249 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
CVE-2023-0250 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0251 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.
User Rank: Author
9/23/2014 | 5:10:53 PM
I have quoted Ice T in many presentations saying "Don't hate the playa, hate the game." The problem is that the entire software development ecosystem is not set up to encourage secure code. These things can shift, though. The automobile industry shifted from the Ralph Nader "Unsafe at Any Speed" days to now, where cars have extensive safety protections, regulation, crash tests, etc...
So how do we get out of the "Unsafe at Any CPU Speed" days? I think there's a lot of promise in the DevOps movement. Not that DevOps by itself will lead to more secure code, but all the tools and processes in DevOps establish the infrastructure that will make automated security verification possible.