Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655PUBLISHED: 2023-03-27Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
User Rank: Ninja
9/28/2014 | 12:48:25 PM
I know Apple hasn't had to deal with major vulnerabilities routinely in the past, but this isn't the way to address it. Apple should admit that all versions of OSX have the vulnerability but, users are not exposed unless they enable X, Y or Z. They shouldn't leave the subject up for debate by making a nebulous statement such as "systems are safe by default and not exposed to remote exploits of Bash unless users configure advanced UNIX services". This doesn't actually explain to users how they might currently be vulnerable, or what they may do for a work around.
Apple gets an F for this response in my book.