Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31099PUBLISHED: 2022-06-27
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a s...
CVE-2022-31101PUBLISHED: 2022-06-27prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-31103PUBLISHED: 2022-06-27
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter),...
CVE-2022-32994PUBLISHED: 2022-06-27Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
CVE-2022-32995PUBLISHED: 2022-06-27Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
User Rank: Ninja
2/26/2015 | 9:38:53 AM
"Still though: if they sue a third party for doing a lousy job of securing data, they might be able to make a civil case out of it and win cash. But attribution -- learning who the attackers are -- will only lead to a criminal case, won't it? And the breached company isn't going to make any cash off of that, will they?"
Seriously! Look at the Anthem, Sony and Target breaches... who are they going to sue? From what we do know everyone of them were at the very least borderline negligent, doing only the very minimum to meet requirments ignoring or flat out dismissing warnings and examples of how other companies were successfully attacked.
It's way to easy to blame an attacker for breacking into your network and stealing whatever is available, but it's much harder to hold your own feet to the fire... and keep the shareholders happy.