Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142 | PUBLISHED: 2023-03-27 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143 | PUBLISHED: 2023-03-27 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144 | PUBLISHED: 2023-03-27 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145 | PUBLISHED: 2023-03-27 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655 | PUBLISHED: 2023-03-27 | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
User Rank: Ninja
1/23/2016 | 12:34:48 PM
Now, I'm not going to pull out my FOSS soap box, but shouldn't this tell you something? With the recent Volkswagen exposure - unconscionable, by the way - we as an industry need to start holding corporations accountable, and stop allowing them to ask for these types of "features". I'm sure not all software engineers have a conscience, but I know the great majority of us do. Money might be the root of all evil, but someone is writing the code that is allowing the mega corporations to pull these dastardly deeds off. While AMX Harman may not be at the same level of wrong-doing as Volkswagen's acts, it still reveals a level of apathy that will keep us in this mess unless the industry takes a stand.
To the mega corporations and the people who made the decisions to do these things, remember, you use software, too...