Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40900 | PUBLISHED: 2022-06-27 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.
CVE-2021-40901 | PUBLISHED: 2022-06-27 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.
CVE-2022-2208 | PUBLISHED: 2022-06-27 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVE-2022-2218 | PUBLISHED: 2022-06-27 | Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-2207 | PUBLISHED: 2022-06-27 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
User Rank: Strategist
6/27/2016 | 11:35:57 PM
Are corporate chiefs still asleep, trusting in the old IDS model for security? From all appearances, they are, indeed, and it will take millions more in losses before they awaken to the threat.
Poor training, coupled with antiquated threat identification methods, understaffed IT sections, merger-speed corporate expansion, and profound ignorance of the threat conspire to make "corporate security" (almost) an oxymoron.
For Dark Readers, these are the dark ages of network security.