Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33085PUBLISHED: 2022-06-30ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
CVE-2022-33087PUBLISHED: 2022-06-30A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2022-31115PUBLISHED: 2022-06-30
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML...
CVE-2022-33082PUBLISHED: 2022-06-30An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2013-5683PUBLISHED: 2022-06-30** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
User Rank: Ninja
5/30/2018 | 9:44:44 PM
In any case, part of the real root of the problem is that, for all of the hype of the latest C-whatever-O position, in most organizations it's a farce. The real capital-C C-Suite is the CEO and CFO, and sometimes the CIO, CMO, CTO, EVP of BizDev, and/or General Counsel/CLO.
The CISO role needs a seat at the C-suite table for all of its importance if managed appropriately -- but often it tends to be a gopher and scapegoat position.