Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1809PUBLISHED: 2022-05-21Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-31267PUBLISHED: 2022-05-21Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value.
CVE-2022-31268PUBLISHED: 2022-05-21A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
CVE-2022-31264PUBLISHED: 2022-05-21Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
CVE-2022-31259PUBLISHED: 2022-05-21The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
User Rank: Ninja
9/28/2014 | 12:48:25 PM
I know Apple hasn't had to deal with major vulnerabilities routinely in the past, but this isn't the way to address it. Apple should admit that all versions of OSX have the vulnerability but, users are not exposed unless they enable X, Y or Z. They shouldn't leave the subject up for debate by making a nebulous statement such as "systems are safe by default and not exposed to remote exploits of Bash unless users configure advanced UNIX services". This doesn't actually explain to users how they might currently be vulnerable, or what they may do for a work around.
Apple gets an F for this response in my book.