Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34911PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...
CVE-2022-34912PUBLISHED: 2022-07-02An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
CVE-2022-34913PUBLISHED: 2022-07-02** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input.
CVE-2022-2286PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2285PUBLISHED: 2022-07-02Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
User Rank: Strategist
3/9/2015 | 2:47:03 PM
More and more companies are realizing security can no longer be relegated to the domain of "necessary evil" but rather an integral part of survival. As such more thought is given to security matters during architecture rather than leaving it to budget permiting post-hoc decisions. Not just services but product manufacturers are also coming to this realization.