Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-44645PUBLISHED: 2023-01-31
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the paramete...
CVE-2023-0591PUBLISHED: 2023-01-31
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_no...
CVE-2023-0592PUBLISHED: 2023-01-31A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.
CVE-2023-0593PUBLISHED: 2023-01-31A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.
CVE-2023-24829PUBLISHED: 2023-01-31
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 o...
User Rank: Apprentice
1/15/2015 | 1:14:12 AM
Second, I'd like to see the brands get more aggressive on punishing companies that scoff the DSS and get breached. Home Depot has been breached how many times now? The breach at Target was rather offensive itself, they missed all the warning signs. Of course, the Council will do nothing to these companies as they would be missing all the revenue that thise companies make for them. I would guarantee that if one major retailer was to lose its merchant status, there would be a newfound vigor and zeal from the rest of the retail industry to get secured.
2. IT management is generally not ready for a revolutionary approach. They must be dragged, kicking and screaming into compliance because they will whine, complain, drag their feet and stall all they can until they have to get compliant. The cost of noncompliance needs to be greater than it takes to get compliant, otherwise it simply won't happen.