Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-21129 (published 2023-01-31): Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium's dependencies.

CVE-2022-25881 (published 2023-01-31): This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

CVE-2022-25979 (published 2023-01-31): Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.

CVE-2022-4898 (published 2023-01-31): In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07; however, it was identified that the fix could be bypassed in certain circumstances. A different approach was taken t...

CVE-2022-4041 (published 2023-01-31): Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
User Rank: Apprentice
6/18/2015 | 2:09:52 PM
I've heard much less of this recently. Have the problems been corrected (for example by clear guidelines and standards of professional organizations)? If so, maybe we need more effort to let people know, to avoid deterring future security professionals.
We will need their services for a long time.