Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1898 (PUBLISHED: 2022-05-27)
Use After Free in GitHub repository vim/vim prior to 8.2.

CVE-2022-1907 (PUBLISHED: 2022-05-27)
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

CVE-2022-1908 (PUBLISHED: 2022-05-27)
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

CVE-2022-1909 (PUBLISHED: 2022-05-27)
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.

CVE-2022-28394 (PUBLISHED: 2022-05-27)
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Please note that this was reported on an EOL...
User Rank: Ninja
7/19/2019 | 10:29:39 AM
But there is a bigger question to this dilemma: what if they do care where the parts come from, and if the supplier added components that were not listed on the SKU (parts listing), and they discovered this device was sending information back to an unknown location where this data was tagged, labeled and could be used for purposes to affect the lives of others? Now the severity and importance have changed (i.e. NSA PRISM's - Cisco firmware upgrade to boards sent to China, France's monitoring/phone tampering, SuperMicro embedded microchips, Google/Apple/Microsoft embedded applications to capture user patterns - telemetry). So now the dynamic changes, because now it is affecting the lives of others.
I think we can try to mitigate the process, but the problem is not the process; it is the underlying spy game that is being played by nation-states and the competitive advantage they are trying to gain. The root cause of the problem is in front of us: there need to be clear rules that we both (the US and others) follow, where we keep each other accountable to deter the wrongdoings; more nation-state policing such as fines, penalties, and sanctions is the only way to address this problem (use Blockchain's immutable process of capturing purchases and following the process from start to finish, but there are ways - Cisco FW and SuperMicro - to step around the process). If this is not addressed at the executive and presidential level, no matter how intricate a process we have in place to monitor and mitigate breaches, there will always be another way to circumvent what we have; there really needs to be a truce.
Todd