Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-40134 PUBLISHED: 2023-01-30 An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVE-2022-40135 PUBLISHED: 2023-01-30 An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVE-2022-40136 PUBLISHED: 2023-01-30 An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVE-2022-40137 PUBLISHED: 2023-01-30 A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-48006 PUBLISHED: 2023-01-30 An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
User Rank: Strategist
6/20/2019 | 3:35:53 PM
This article provides really clear insight as to why security is an absolute necessity when it comes to development. The tech advisory business at which I work, Digital Maelstrom, has been utilizing this Secure Software Development Life Cycle for the past several years and it has consistently yielded great results. Following this life cycle proved to be so effective with our clients that we even began offering it as one of our main services under the umbrella of our Security pillar. Thanks for posting, Leigh-Anne.