Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25136PUBLISHED: 2023-02-03
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting thi...
CVE-2023-25139PUBLISHED: 2023-02-03
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of ...
CVE-2022-48074PUBLISHED: 2023-02-03An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
CVE-2023-25135PUBLISHED: 2023-02-03
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are...
CVE-2022-4634PUBLISHED: 2023-02-03All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
User Rank: Apprentice
5/20/2019 | 10:27:09 AM
There is always resistance to any novel idea to get people in to the Security (or IT) field, even if it's entry level and even if it's capturing people already skilled in other areas. That's entirely predictable if we understand that we all self-justify and think the only path that is "good" is the one we took. You see those arguments constantly re: degress are good vs. bad, certs are good vs. bad, etc. So unless YOU had something like a 3-4 month boot camp on ramp then it sounds like a bad idea? "It's not how I did it!" crows the peacock! We need to realize how other people get into the field doesn't undermine our achievements and get over it. Then there is the whole fear of competition, change, or whatever. The Security field has a lot of change and competition in it... so let's get past that and just pull up our big people pants. Get to work solving the problem instead of causing more resistance.
One of the key global competitve advantages is getting ALL your smart people working on tough problems, as opposed to letting societal frameworks narrowly restrict your talent pool. Being good at Security has little to do with a demographic, because your individual characterists (e.g. persistence, analytics, vision, etc.) that make you good at this line of work (or not) always trumps any generic demographic stereotypes. So a targeted outreach to attract an otherwise alienated talent pool (and half the population at that) is a good idea if it brings more smart, talented, and competent people to work on Security problems, right?