Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1809PUBLISHED: 2022-05-21Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-31267PUBLISHED: 2022-05-21Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value.
CVE-2022-31268PUBLISHED: 2022-05-21A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
CVE-2022-31264PUBLISHED: 2022-05-21Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
CVE-2022-31259PUBLISHED: 2022-05-21The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
User Rank: Apprentice
3/17/2016 | 4:27:59 PM
Having built intel organizations at companies like iDEFENSE, iSIGHT, the Terrorism Research Center, and within 56 U.S. cities, this is a topic that I track closely. Many organizations don't give enough attention to how they need to consume and act on intelligence to drive decisions. It isn't just about how many feeds you can consume, but how those feeds fit into and drive an internal intelligence process that is iterative and has a robust feedback loop.