Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25012PUBLISHED: 2023-02-02The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
CVE-2022-37034PUBLISHED: 2023-02-01In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.
CVE-2023-0599PUBLISHED: 2023-02-01
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metas...
CVE-2023-23750PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2023-23751PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
User Rank: Ninja
4/23/2016 | 9:26:36 AM
* Don't just test your Windows updates. Have and utilize a testbed for ALL your updates. You never know when something might not play nice with something else. (Remember the 3-day outage Verizon had on accounts receivable -- prevent customers from paying their bills -- because of an update gone awry?)
* The real solution for Flash is to JUST GET RID OF IT. ;)