Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-28200PUBLISHED: 2022-07-02
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can ext...
CVE-2022-32551PUBLISHED: 2022-07-02Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
CVE-2022-32411PUBLISHED: 2022-07-01An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412PUBLISHED: 2022-07-01An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903PUBLISHED: 2022-07-01GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
User Rank: Ninja
5/27/2013 | 2:56:28 PM
in order to keep your security systems up to date they must under go personal
penetration testing to see what their threats and vulnerabilities are. I have
to further say that if you are a large company then you must go through these
tests in order to ensure the security of your users data. I still say even if
you are a small mom and pop shop you should do a little homework in regards to
maintaining your own security. LivingSocial at the very least was smart enough
to encrypt the passwords, so the attackers were limited in some source.
Paul Sprague
InformationWeek Contributor