Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-38451PUBLISHED: 2023-01-30A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-42484PUBLISHED: 2023-01-30An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-2988PUBLISHED: 2023-01-30A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC(V2.1.0 and prior), EcoStruxure Machine Expert – HVAC(V1.4.0 and prior).
CVE-2023-0471PUBLISHED: 2023-01-30Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0472PUBLISHED: 2023-01-30Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
User Rank: Ninja
7/1/2015 | 9:58:39 AM
It's not a bear you are coaxing in, its a small blind rodent who scampers around hiding from the light. Honeypots allow us to gather the information needed to deter the next infestation of vermin.
If we all worked together and shared the intel from honeypots our defenses would have a power multiplier many times greater than the damm hidden zero day expoloits used to further the ill will of many unknown players.
So shine some light and watch the rats scatter, you won't find a bear among them.