Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-46552PUBLISHED: 2023-02-02D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.
CVE-2022-46604PUBLISHED: 2023-02-02An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
CVE-2022-46965PUBLISHED: 2023-02-02PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.
CVE-2023-0642PUBLISHED: 2023-02-02Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.
CVE-2023-0643PUBLISHED: 2023-02-02Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
User Rank: Strategist
9/30/2014 | 11:03:40 AM
1) Simplify as much as possible, as has been mentioned in the comments. This is particularly true in the entrance to any programs. The fewer doors, the fewer ways for the rats to get in. I know it's a broad brush, but complexity for its own sake is unsafe. The likelyhood is that every system is probably unsafe due to designers not thinking of every way their code is going to be attacked. This isn't because they're bad designers, it's because not every way code is going to be attacked has been thought of by anybody yet.
2) The people who aren't patching aren't fatigued. Regular patchers shouldn't be fatigued, it's just part of what they do. People who patch absolutly everything the moment a patch comes out probably are fatigued.