Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0519 | PUBLISHED: 2023-01-26 | Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0493 | PUBLISHED: 2023-01-26 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVE-2022-46967 | PUBLISHED: 2023-01-26 | An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.
CVE-2022-46966 | PUBLISHED: 2023-01-26 | Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.
CVE-2023-0455 | PUBLISHED: 2023-01-26 | Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
User Rank: Apprentice
1/26/2015 | 9:13:48 AM
We've been doing it since 2011 and for all programming languages; we are in a unique position to look at real data from a large number of commercial projects.
Our research shows that if managed properly - i.e., updated when new security vulnerabilities are disclosed or when new versions are available - 98% of the projects that contain faulty open source components would not contain them.
So the problem is not open source but how it is used.