Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-29248 PUBLISHED: 2022-05-25
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to ...
CVE-2022-29402 PUBLISHED: 2022-05-25
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVE-2021-27783 PUBLISHED: 2022-05-25
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVE-2021-27779 PUBLISHED: 2022-05-25
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
CVE-2021-44719 PUBLISHED: 2022-05-25
Docker Desktop 4.3.0 has Incorrect Access Control.
User Rank: Apprentice
11/21/2014 | 4:24:09 PM
It seems that, with so many types and formats of feeds, many organizations are struggling with aggregating and normalizing the information in a manner which allows for an efficient, effective and consistent way to utilize the information. Perhaps standards such as STIX & TAXII will help with the problem.