Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31099PUBLISHED: 2022-06-27
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a s...
CVE-2022-31101PUBLISHED: 2022-06-27prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-31103PUBLISHED: 2022-06-27
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter),...
CVE-2022-32994PUBLISHED: 2022-06-27Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
CVE-2022-32995PUBLISHED: 2022-06-27Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
User Rank: Ninja
5/27/2013 | 8:38:34 PM
the security of your system seriously this day in age then you are not reading
the news and all the current breeches that are occurring. Most of the current
attacks are due to uninformed employees who answer these phishing emails. I agree
that with proper training an employee could spot a potentially dangerous email.
TwitterGÇÖs recommendation of using a single node in the office is not at all
realistic.at the very least look at emails more cautiously because they are now
aware of the threats that exist. This also touches on the extent that Twitter is
liable for. If a user is careless with their credentials and lacks the knowledge
to protect their own systems, then I do not believe that is TwitterGÇÖs responsibility.
Paul Sprague
InformationWeek Contributor