Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-44645PUBLISHED: 2023-01-31
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the paramete...
CVE-2023-0591PUBLISHED: 2023-01-31
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_no...
CVE-2023-0592PUBLISHED: 2023-01-31A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.
CVE-2023-0593PUBLISHED: 2023-01-31A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.
CVE-2023-24829PUBLISHED: 2023-01-31
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 o...
User Rank: Ninja
12/27/2014 | 8:56:32 PM
"... Some of these attacks are exaggerated by news channels and social media."
@Dr, T I agree. A lot of these attacks are misunderstood banter on the Net. But what really annoys me is that Chase apparently sat on this information for a long time. Considering they should have released this news as soon as they were aware. Enough with how the public is going to perceive you.
I for one already know Chase is using "smoke and mirrors" when it comes to security. They are doing no more than is required by law, and that apparently isn't enough.
So why did it take them so long to release this information ? Only the nieve amongst us really believes Chase or any Net facing business is ever safe from a breech.
If Chase thinks we the public would think less of them because of this, well it has long since been too late for that.