Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-29248 PUBLISHED: 2022-05-25
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to ...
CVE-2022-29402 PUBLISHED: 2022-05-25
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVE-2021-27783 PUBLISHED: 2022-05-25
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVE-2021-27779 PUBLISHED: 2022-05-25
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
CVE-2021-44719 PUBLISHED: 2022-05-25
Docker Desktop 4.3.0 has Incorrect Access Control.
User Rank: Apprentice
5/17/2021 | 4:55:29 PM
I would add that cybersecurity pros need to embrace the importance of securing digital identities in their security strategies. As we've witnessed, digital identities (user names and passwords) are the most exploited attack vector - with a valid set of credentials, criminals can just log in to get access to critical resources and systems and do significant damage.
Modern approaches to identity security - the protection of human/machine identities through technologies like identity proofing, MFA, risk-based authentication - and identity-defined security - using a trusted identity to further secure transactions throughout the entire technology stack - are important to addressing the cybersecurity realities we face today.