Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30929PUBLISHED: 2022-07-06Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
CVE-2022-21783PUBLISHED: 2022-07-06In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.
CVE-2022-21784PUBLISHED: 2022-07-06In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462.
CVE-2022-21785PUBLISHED: 2022-07-06In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363.
CVE-2022-21786PUBLISHED: 2022-07-06In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822.
User Rank: Ninja
7/2/2017 | 12:09:37 AM
One of my favorite examples of this that I like to use with clients is of a local hospital that (true story) has certain large trash bins throughout that are very prominently and clearly labeled as being for the disposal of documents containing HIPAA-protected information.
The problem, however, is that if I'm a bad guy, I know exactly where to look for that information. I just have to shove my arm into the bin and grab some papers and quickly dart off.
So while that's a very "compliant" thing to do, it's not at all secure.