Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0658PUBLISHED: 2023-02-03
A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The ide...
CVE-2022-38389PUBLISHED: 2023-02-03IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.
CVE-2022-22486PUBLISHED: 2023-02-03IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328.
CVE-2023-0634PUBLISHED: 2023-02-02An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.
CVE-2022-48114PUBLISHED: 2023-02-02RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
User Rank: Strategist
9/30/2014 | 11:03:40 AM
1) Simplify as much as possible, as has been mentioned in the comments. This is particularly true in the entrance to any programs. The fewer doors, the fewer ways for the rats to get in. I know it's a broad brush, but complexity for its own sake is unsafe. The likelyhood is that every system is probably unsafe due to designers not thinking of every way their code is going to be attacked. This isn't because they're bad designers, it's because not every way code is going to be attacked has been thought of by anybody yet.
2) The people who aren't patching aren't fatigued. Regular patchers shouldn't be fatigued, it's just part of what they do. People who patch absolutly everything the moment a patch comes out probably are fatigued.