Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0658PUBLISHED: 2023-02-03
A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The ide...
CVE-2022-38389PUBLISHED: 2023-02-03IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.
CVE-2022-22486PUBLISHED: 2023-02-03IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328.
CVE-2023-0634PUBLISHED: 2023-02-02An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.
CVE-2022-48114PUBLISHED: 2023-02-02RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
User Rank: Apprentice
10/6/2015 | 2:15:06 AM
They keep saying there isn't enough "qaulified" security professionals. What constitutes qaulified? Those that sold their house to get certified, those that can find the ways to study but don't have certifications due to lack of funds?
IF they count only those with certifications as qaulified, they need to find ways so that those of us that really want to get into the field, help in the field can get those without selling our first unborn and grandparents.