Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30929PUBLISHED: 2022-07-06Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
CVE-2022-21783PUBLISHED: 2022-07-06In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.
CVE-2022-21784PUBLISHED: 2022-07-06In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462.
CVE-2022-21785PUBLISHED: 2022-07-06In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363.
CVE-2022-21786PUBLISHED: 2022-07-06In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822.
User Rank: Ninja
1/14/2015 | 8:24:41 AM
I would recommend a solution that is managed by the same third party and has a security suite that encompasses the majority of prevalent security safeguards. In this way you will be able to reduce cost by coupling products, ensure cross system compatibility (which is huge for SIEM and other correlation), and upgrades can be managed more seamlessly. Also, if you company bandwidth is not large than an MSSP who focuses on this may also cut cost and increase security expertise for the organization.
Thoughts?