Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-21129PUBLISHED: 2023-01-31Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
CVE-2022-25881PUBLISHED: 2023-01-31This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
CVE-2022-25979PUBLISHED: 2023-01-31Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.
CVE-2022-4898PUBLISHED: 2023-01-31
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken t...
CVE-2022-4041PUBLISHED: 2023-01-31Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
User Rank: Moderator
1/27/2017 | 3:13:46 PM
Any disclosure has this impact even if a patch was released, as most don't implement the patch in time to prevent an attack... I agree we don't need to be publicly disclosing ICS vulnerabilities but we still have alot of thinking to do in how we disclose vulns in regular consumer products too, need to try to keep them a little more private, within the industry, instead of pasting them on the front page for any newbie hacker to cherry-pick.