Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31263 PUBLISHED: 2022-05-24
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
CVE-2022-0734 PUBLISHED: 2022-05-24
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could a...
CVE-2022-0910 PUBLISHED: 2022-05-24
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versio...
CVE-2022-29305 PUBLISHED: 2022-05-24
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.
CVE-2022-29309 PUBLISHED: 2022-05-24
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
User Rank: Apprentice
4/29/2019 | 7:25:40 AM
It feels to me as if TLS is 'trying to make up for lost time', i.e. they've long been second in the certificate security race to SSL. Now they are releasing new versions of the protocol, only to find that they are not secure.