Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-37452PUBLISHED: 2022-08-07Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-26979PUBLISHED: 2022-08-06Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
CVE-2022-27944PUBLISHED: 2022-08-06Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
CVE-2022-2688PUBLISHED: 2022-08-06
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be...
CVE-2022-2689PUBLISHED: 2022-08-06
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch t...
User Rank: Author
5/15/2015 | 11:05:42 AM
Obviously to the best of our knowledge this was discovered before this vuln got into the hands of the advesary. My concern is that in general we do not do well with 1. patching our systems and 2. limiting access.
I think the popular thought out there is that anyone running Xen or KVM will somehow avoid the same mistakes we all continue to make. Perhaps that is the case. Everyone seems to be focusing on the fact that technologically this is an easy fix. However, we often forget that the scale of modern infrastructures makes emergency patches a logisitcal nightmare. Plus, its not just cloud hosting providers running Xen and KVM out there.