Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2287PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-34911PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...
CVE-2022-34912PUBLISHED: 2022-07-02An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
CVE-2022-34913PUBLISHED: 2022-07-02** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input.
CVE-2022-2286PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
User Rank: Ninja
1/20/2018 | 3:38:54 PM
With emails, our prime assumption is that emails come from people, rather than from the programmed execution of code residing in a number of machines. Next is the assumption that the name in the "From:" header is that of the "person" or entity sending the email. Then we have the primal assumption that an email is an object, sealed by the sender, traveling directly from sender to recipient, its contents unobserved or altered.
It's not surprising that so many carry forward the assumptions from a traditional mail, metaphor. Many others know these technologies of digital networks, and social-engineering, well enough to exploit the vulnerabilities in the mechanisms and those who rely on them. Conscience brings some of these to help; lack of conscience brings others to a smorgasbord of opportunities to exploit our misconceptions about email.