Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2316PUBLISHED: 2022-07-06HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.
CVE-2022-2318PUBLISHED: 2022-07-06There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
CVE-2022-33047PUBLISHED: 2022-07-06OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.
CVE-2022-31111PUBLISHED: 2022-07-06
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value transferre...
CVE-2022-31124PUBLISHED: 2022-07-06
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker a...
User Rank: Apprentice
9/21/2016 | 12:36:46 PM
That said, Tesla's remote breach appears to demonstrate a lack of internal validation -- it was possible, for example, to open the trunk while the car was in motion, which is something you'd expect code to prevent.
If you allow remote control, a logical question to ask is, "what happens when a hacker gains remote access?" It's probably unreasonably optimistic to assume a remote attack isn't possible; it's also probably unappealing to mitigate this possibility by requiring confirmation -- especially that which requires physical interaction with the device -- whenever remote control is requested. Security and usability are opposites...