Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9754 PUBLISHED: 2022-06-27
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.

CVE-2022-33146 PUBLISHED: 2022-06-27
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

CVE-2022-33202 PUBLISHED: 2022-06-27
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative pat...

CVE-2022-2206 PUBLISHED: 2022-06-26
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

CVE-2022-30932 PUBLISHED: 2022-06-26
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
6/29/2015 | 3:55:49 AM
We need to move to automation where evidence is gathered automatically and once for every aspect we need to report on, so we are not manually taking screenshots for PCI, SOX, HIPAA etc. Set up once, gather as needed and report non-compliance for investigation; that way you will be as close to full compliance most of the time.
Compliance does not equal security