Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30333PUBLISHED: 2022-05-09RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVE-2022-23066PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
CVE-2022-28463PUBLISHED: 2022-05-08ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28470PUBLISHED: 2022-05-08marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-1620PUBLISHED: 2022-05-08NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
User Rank: Apprentice
12/14/2017 | 8:55:40 PM
The FDA's Cybersecurity fact sheet, Premarket, and Postmarket Cybersecurty guidelines address these issues. Here are the links:
hxxps://www.fda.gov/downloads/MedicalDevices/DigitalHealth/UCM544684.pdf
hxxps://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm356190.pdf
hxxps://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf
We need to be actively addressing the issues from within the industry rather than just Kicking Puppies from the outside. The experts I know are actively engaged in the Medical Device industry helping to fix these decades old design, implementation, and operational issues, rather than regurgitating that which has been published over and over again by a variety of boutique research companies. Yes – the problems with medical devices, products, and the HDOs who consume them, can be extremely serious denending on the situaton. This cannot be overstated enough. WannaCry clearly highlighted this in a huge way this past year. But stating that the "healthcare industry is underestimating security threats", without addressing what is actually being done to address it by both the HDOs and device manufacturers, presents a very lopsided picture and does the overall effort a significant injustice.
My comments are my own.