Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2289PUBLISHED: 2022-07-03Use After Free in GitHub repository vim/vim prior to 9.0.
CVE-2022-2288PUBLISHED: 2022-07-03Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
CVE-2022-2290PUBLISHED: 2022-07-03Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
CVE-2022-2287PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-34911PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...
User Rank: Ninja
8/14/2019 | 3:56:57 PM
This lawsuit is almost laughable, anything that is deemed positive can be turned negative. Github is a repository for developers to come up with code and sharing that code with other organizations to address problems in the wild, I think this is more of a company trying to divert blame as opposed to facing the facts and being accountable for their actions. This says alot about CapitalOne - the organization - who has been blindsided by someone whom they dealt with in the recent past; but it also sheds light on their lack of oversight and attention to detail (this says a lot about the organization as a whole).
I am looking forward to hearing more about the lawsuit and interested in hearing what the judge says in the hearing, this should be interesting.
T