Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31263 PUBLISHED: 2022-05-24
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
CVE-2022-0734 PUBLISHED: 2022-05-24
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could a...
CVE-2022-0910 PUBLISHED: 2022-05-24
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versio...
CVE-2022-29305 PUBLISHED: 2022-05-24
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.
CVE-2022-29309 PUBLISHED: 2022-05-24
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
User Rank: Author
7/29/2020 | 3:52:56 PM
It's impressive the about-face that can occur when a patch or upgrade is associated, directly or indirectly, with protecting a 7-figure deal. It's not ALWAYS effective, but it's a valuable lever to move the conversation along and illustrates a business-risk focus to senior leadership. In doing so, we can move the perception of our work from being alarmist to directly affecting the bottom line.