Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32428PUBLISHED: 2022-07-01SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.
CVE-2022-27904PUBLISHED: 2022-07-01The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.
CVE-2022-32295PUBLISHED: 2022-07-01On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
CVE-2022-32988PUBLISHED: 2022-07-01
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp,...
CVE-2022-33085PUBLISHED: 2022-06-30ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
User Rank: Author
10/23/2019 | 12:18:40 PM
All EV certificates include the authenticated identity information of the company operating the site. This authentication follows codified methodology that has proven effective in more then ten years of widespread global use. Browsers have the opportunity to dispay this information so that a user can distinguish between a real site and a crafty criminal fake.
Unfortunately, popular browsers Chrome and Firefox have chosen not to display this information. The good news for users is that they have alternatives that do. Browsers like Safari and Edge change their interface to indicate that EV authenticated information is available and allow users to view it.