Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142 (published 2023-03-27): In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143 (published 2023-03-27): In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144 (published 2023-03-27): Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145 (published 2023-03-27): Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655 (published 2023-03-27): Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
User Rank: Ninja
11/24/2014 | 8:04:16 AM
An invalid certificate or incorrectly selected certificate may look "OK" -- but most of us will be unable to tell if the XYZ Company or the X Y Z Company -- is the correct certificate. Combine this with the habit of companies to change things around on occasion, and the safety of the X.509 certificate is reduced to Hope and Prayer.
X.509 certificates should be broadcast with marginal trust only.
Each of us should vet the certificates we need to use on critical applications -- and then countersign the certificate, bringing it to Full Trust.
Vendors have been attempting to automate X.509 for customers. But they have made a mess by skipping the Critical Step.
Places like Credit Unions and other Financial offices would provide the "fingerprints" needed to verify a certificate.
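The out-of-band fingerprint check the comment above describes, as an added example that is not part of the original page or the commenter's own material: it hashes the DER bytes of a certificate, normalizes a fingerprint string in the formats an institution typically publishes (colon-separated, space-separated, or bare hex, with or without an "SHA256 Fingerprint=" prefix), and compares the two in constant time. The certificate bytes are a constructed stand-in, not a real certificate; the technique only depends on hashing the raw DER, so any byte string exercises it. Names such as matches_published and CONSTRUCTED_DER are this example's own.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in for a DER-encoded certificate (NOT a real certificate).
# A fingerprint is simply a hash over the raw DER bytes, so any byte string
# is enough to demonstrate the verification logic.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def pem_to_der(data: bytes) -> bytes:
    """Accept either PEM armour ('-----BEGIN CERTIFICATE-----') or raw DER; return DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = b"".join(
            line.strip()
            for line in data.splitlines()
            if not line.strip().startswith(b"-----")
        )
        return base64.b64decode(body)
    return data  # already DER; do not strip, DER may legitimately end in whitespace bytes


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour (used here to exercise the PEM path)."""
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"


def fingerprint(cert: bytes, algo: str = "sha256") -> str:
    """Fingerprint of a certificate as lowercase hex with no separators."""
    return hashlib.new(algo, pem_to_der(cert)).hexdigest()


def display_fingerprint(hexdigest: str) -> str:
    """Render a bare hex digest the way OpenSSL prints it: 'AB:CD:EF:...'."""
    upper = hexdigest.upper()
    return ":".join(upper[i:i + 2] for i in range(0, len(upper), 2))


def normalize_fingerprint(published: str) -> str:
    """Reduce a published fingerprint to bare lowercase hex.

    Tolerates 'SHA256 Fingerprint=AB:CD:...', 'AB CD EF ...' and 'abcdef...'.
    """
    hexpart = published.split("=")[-1]
    return re.sub(r"[^0-9a-fA-F]", "", hexpart).lower()


def matches_published(cert: bytes, published: str, algo: str = "sha256") -> bool:
    """True only if the certificate's fingerprint equals the one published out of band.

    A fingerprint of the wrong length (for example a SHA-1 value handed to a SHA-256
    check) is rejected outright rather than guessed at.
    """
    expected = normalize_fingerprint(published)
    if len(expected) != hashlib.new(algo).digest_size * 2:
        return False
    # Constant-time comparison so the check itself leaks nothing about the expected value.
    return hmac.compare_digest(fingerprint(cert, algo), expected)


if __name__ == "__main__":
    fp = fingerprint(CONSTRUCTED_DER)
    print("SHA256 Fingerprint=" + display_fingerprint(fp))
    print("matches published value:", matches_published(CONSTRUCTED_DER, display_fingerprint(fp)))
    print("tampered cert matches:", matches_published(CONSTRUCTED_DER + b"\x00", fp))
```

In practice the published value would be read from the institution's printed material or a second channel and the certificate from the live connection; only when matches_published returns True would one proceed to countersign or pin it, as the comment suggests.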