Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1813PUBLISHED: 2022-05-22OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
CVE-2022-1809PUBLISHED: 2022-05-21Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-31267PUBLISHED: 2022-05-21Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value.
CVE-2022-31268PUBLISHED: 2022-05-21A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
CVE-2022-31264PUBLISHED: 2022-05-21Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
User Rank: Apprentice
7/24/2020 | 5:26:05 AM
I nearly didn't comment on this article but then I'm not standing in the gap and speaking up about this issue and then I become part of the problem.
If a tool is selected on its ability to fulfill a need/remove a pain point first, followed by how much then we should be looking at our data/need/pain point before we even start and if our data/need/pain point isn't diverse then we're not fulfilling the need - we're missing HUGE groups of people and HUGE groups of issues that we're not looking into/responding to.
I find it ironic that the article finishes with Stewart leading a discussion session at Black Hat USA Virtual - that's a whole other topic of conversation but at least there's a discussion about systemic racism.