Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0758PUBLISHED: 2023-02-09
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exp...
CVE-2022-43440PUBLISHED: 2023-02-09Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
CVE-2023-25168PUBLISHED: 2023-02-09
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an exis...
CVE-2023-0249PUBLISHED: 2023-02-08Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
CVE-2023-0250PUBLISHED: 2023-02-08Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
User Rank: Apprentice
8/28/2017 | 4:04:45 PM
@ Joe - I also agree that we need more emphasis on response and remediation. Returning to our analogy from the article...
**Spoiler alert - if you haven't watched the Season 7 finale, read no further**
Now that part of the Wall has come down, the North is in dire need of response and recovery.
Security teams would do well to start investing in automation for the back half of the framework you laid out. Items 5 through 8 have lots of manual steps. Automation, data science, and ML may be able to help amplify analyst post -ncident prodictiivty.