Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25168 PUBLISHED: 2023-02-09
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an exis...

CVE-2023-0249 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.

CVE-2023-0250 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-0251 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.

CVE-2022-38777 PUBLISHED: 2023-02-08
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
User Rank: Apprentice
3/14/2014 | 1:01:57 PM
This development really highlights the growing difficulty of filtering the signal from the noise in an age of exponentially expanding volume of data. It's like many of us are falling into the same trap that amateur website owners often do: If everything is in all caps, people will read everything because all caps means it's important, right? I would not be at all surprised if the same people that evaluated the alarm mentioned in the article were also monitoring alarms from countless workstations and who knows what else. Doesn't surprise me at all that this got lost in the shuffle. But it still terrifies me!
This also underscores the near uselessness of the PCI spec. It is not something to use to avoid a breach, it's something to use to reduce the chance of a lawsuit. "Hey! We were PCI compliant! It's not our fault!"