Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2289PUBLISHED: 2022-07-03Use After Free in GitHub repository vim/vim prior to 9.0.
CVE-2022-2288PUBLISHED: 2022-07-03Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
CVE-2022-2290PUBLISHED: 2022-07-03Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
CVE-2022-2287PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-34911PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...
User Rank: Apprentice
9/21/2016 | 12:36:46 PM
That said, Tesla's remote breach appears to demonstrate a lack of internal validation -- it was possible, for example, to open the trunk while the car was in motion, which is something you'd expect code to prevent.
If you allow remote control, a logical question to ask is, "what happens when a hacker gains remote access?" It's probably unreasonably optimistic to assume a remote attack isn't possible; it's also probably unappealing to mitigate this possibility by requiring confirmation -- especially that which requires physical interaction with the device -- whenever remote control is requested. Security and usability are opposites...