Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-28200PUBLISHED: 2022-07-02
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can ext...
CVE-2022-32551PUBLISHED: 2022-07-02Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
CVE-2022-32411PUBLISHED: 2022-07-01An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412PUBLISHED: 2022-07-01An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903PUBLISHED: 2022-07-01GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
User Rank: Author
2/12/2014 | 10:13:44 AM
To me the best signal of a great security culture is that security has been made "visible" -- there are artifacts available and people encourage informed and rational discussion of security issues. Beware that "black-and-white" thinking! What other signals do you see of either great or terrible security culture?