Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42692 PUBLISHED: 2022-05-26
There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.
CVE-2022-31650 PUBLISHED: 2022-05-25
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651 PUBLISHED: 2022-05-25
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
CVE-2022-29256 PUBLISHED: 2022-05-25
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` e...
CVE-2022-26067 PUBLISHED: 2022-05-25
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnera...
User Rank: Ninja
4/16/2018 | 4:42:49 PM
I doubt if that can happen unless it's orchestrated, from the top, by each organization's Information System architects. The raison d'être for IS is informing knowledge workers. That entails not only supplying information, but regulating its dissemination. It is only at the IS level (through the application of business rules, instantiated at the transactional data level), that policies can be enforced - otherwise, they are just suggestions.