Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23849 PUBLISHED: 2023-02-06
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N...
CVE-2022-28923 PUBLISHED: 2023-02-06
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVE-2022-3229 PUBLISHED: 2023-02-06
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of ...
CVE-2022-44617 PUBLISHED: 2023-02-06
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
CVE-2022-46496 PUBLISHED: 2023-02-06
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.
User Rank: Ninja
6/16/2016 | 11:36:04 AM
1. Companies like to hire geeks to keep their IT infrastructure running, but no one wants to hire a geek with the personality of a door knob.
2. Be prepared to communicate orally and in written form, to convey a message that addresses your audience appropriately. By all means, geek out when talking to your tech colleagues, but also know that when your message should be fit for executive consumption, craft that message accordingly.