Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23849PUBLISHED: 2023-02-06
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N...
CVE-2022-28923PUBLISHED: 2023-02-06Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVE-2022-3229PUBLISHED: 2023-02-06
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of ...
CVE-2022-44617PUBLISHED: 2023-02-06A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
CVE-2022-46496PUBLISHED: 2023-02-06BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.
User Rank: Ninja
9/4/2015 | 5:39:26 AM
Another important factor: crisis response. Adobe presents a great example of what not to do. With their major breach a while back, the company first estimated that just under 3 million customers had been impacted. They later amended that number to at least 38 million. Eventually, it was revealed that more than 150 million customers' information was compromised.
Not good for business.