Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45598 | PUBLISHED: 2023-01-31 | Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper sanitization.
CVE-2022-47035 | PUBLISHED: 2023-01-31 | Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
CVE-2022-47780 | PUBLISHED: 2023-01-31 | SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.
CVE-2023-24162 | PUBLISHED: 2023-01-31 | Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
CVE-2023-24163 | PUBLISHED: 2023-01-31 | SQL Injection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine.
User Rank: Ninja
1/14/2015 | 9:19:49 AM
"Under the new standard we're proposing, companies would have to notify consumers of a breach within 30 days." As far as the notification timeframe is concerned, 30 days seems a bit long. Here is why I think that way. Confirmation of a breach may take more time than most people realize, given the many clever ways that leaves an organization without proper authorization; it could take days or weeks to confirm exfiltration. Further, it may take an even much longer time to even discover an intrusion. So an organization that has been breached has had plenty of time to gather information and compose a notification. In my opinion, the timeframe should be between 7-14 days.