Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2287 | PUBLISHED: 2022-07-02
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.

CVE-2022-34911 | PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...

CVE-2022-34912 | PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.

CVE-2022-34913 | PUBLISHED: 2022-07-02
** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input.

CVE-2022-2286 | PUBLISHED: 2022-07-02
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
User Rank: Strategist
12/22/2014 | 9:42:46 AM
Maybe I'm misinterpreting the author's intent, but it doesn't just seem to be the author of this particular article. A great number of tech-news sites are covering this so-called issue this morning, and all of them are reporting essentially the same thing, that this is some sort of flaw. A misconfigured service is not a flaw, but rather a poorly thought-out security measure, and as is well known, there is no patch for human stupidity. Either the sysadmin is competent or not. There is no halfway or grey area where that is concerned. Either you know what you're doing or you don't, which *is* correctable provided the person on the receiving end of new training is competent enough to understand their training... otherwise, they're in the wrong line of work.