Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37491PUBLISHED: 2023-02-07An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function.
CVE-2023-0707PUBLISHED: 2023-02-07
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this v...
CVE-2022-21953PUBLISHED: 2023-02-07A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.
CVE-2022-31249PUBLISHED: 2023-02-07
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 an...
CVE-2022-43755PUBLISHED: 2023-02-07A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.
User Rank: Ninja
6/25/2015 | 11:44:13 AM
I also think its a good idea to point out that in the coding phase is when app sec should be continually reviewed. Today's agile methodology is very good at acknowledging this principle. If you don't ingrain security at every phase of the SDLC, it is hopeless to expect that post-creation testing will yield desirable results.