Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30333PUBLISHED: 2022-05-09RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVE-2022-23066PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
CVE-2022-28463PUBLISHED: 2022-05-08ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28470PUBLISHED: 2022-05-08marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-1620PUBLISHED: 2022-05-08NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
User Rank: Apprentice
11/18/2014 | 7:21:11 AM
Per your comment -
""line-of-business leaders know they need to evaluate vendors based on security but also realize that they don't have the knowledge to ask the depth of questions necessary to truly look out for pitfalls"
What happens when the IT department does not have the knowledge to ask the right questions either? This could lead to a disjointed cloud service being purchased that cannot be supported by the either the LOB or IT organization. When this happens, then the LOB would be forced to find alternatives to help support their cloud services which were purchased outside of the IT department.
I realize that many LOB's utilize cloud services outside of IT organizations line of sight. I for one am not a advocate of this type of IT strategy, as it tends to create more problems in the long term than it solves.