Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193PUBLISHED: 2023-02-04hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
User Rank: Ninja
12/22/2014 | 9:38:50 AM
In my opinion this event, because it involves North Korea, we should be looking at our privately owned (national) infrastructure of public utilities, water, electric... other power generation and banking. It's been proved many times over that some of these critical systems are open to the Internet, if not vulnerable to a dedicated script-kiddy. We (the US) invented STUXNET... Duqu... Flame and possibly others that we haven't heard about (yet). I don't know about you but there is no way that I can believe that America is the only "Nation State" with this capability, we're just the only ones whose been caught using it. We're wasting time.