Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23087PUBLISHED: 2023-02-03An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.
CVE-2023-23088PUBLISHED: 2023-02-03Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function.
CVE-2023-0659PUBLISHED: 2023-02-03
A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VD...
CVE-2023-23086PUBLISHED: 2023-02-03Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function.
CVE-2021-37519PUBLISHED: 2023-02-03Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.
User Rank: Moderator
10/22/2018 | 2:02:33 PM
It does not.
All it proves is that we saw some failed attacks. And if you think about it, if the attacks are successful, they are going to erase their footprints, so how would you know?
So here, we can just borrow from Quality Assurance over the last 50 years. In Quality Control, we know that the number of defects that escape a factory into the field and become customer issues is directly proportional to the number of defects found in the factory. That's why everyone is so concerned about zero defects in the factory.
Applying that to security of the election infrastructure, all these failed attacks are actually proof that the likelihood that there have been successful attacks is increasing. Thus we should not be assured and complacent. This is actually evidence that we need to be more vigilant and figure out what we aren't doing that we aren't catching the attacks that have been succeeding.