Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25135PUBLISHED: 2023-02-03
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are...
CVE-2022-4634PUBLISHED: 2023-02-03All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0123PUBLISHED: 2023-02-03Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-0124PUBLISHED: 2023-02-03Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-24613PUBLISHED: 2023-02-03
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend bin...
User Rank: Strategist
9/30/2014 | 11:03:40 AM
1) Simplify as much as possible, as has been mentioned in the comments. This is particularly true in the entrance to any programs. The fewer doors, the fewer ways for the rats to get in. I know it's a broad brush, but complexity for its own sake is unsafe. The likelyhood is that every system is probably unsafe due to designers not thinking of every way their code is going to be attacked. This isn't because they're bad designers, it's because not every way code is going to be attacked has been thought of by anybody yet.
2) The people who aren't patching aren't fatigued. Regular patchers shouldn't be fatigued, it's just part of what they do. People who patch absolutly everything the moment a patch comes out probably are fatigued.