Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193PUBLISHED: 2023-02-04hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
User Rank: Apprentice
2/5/2019 | 10:07:15 AM
A few questions come to my mind reading this - was the home owner informed that they information had become compromised? That they needed to change their passwords? Is there updated announcements regarding training of new features? Do users understand or even know that systems are not 100% secure no matter what?
The comments I had read have a touch of arrogance. Being in the computer and security field we understand these things. Not all users do. If you go to a Doc for a health issue, should the doc talk down to you or make comments about how you should have known something?