Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31099 PUBLISHED: 2022-06-27
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a s...
CVE-2022-31101 PUBLISHED: 2022-06-27
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-31103 PUBLISHED: 2022-06-27
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter),...
CVE-2022-32994 PUBLISHED: 2022-06-27
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
CVE-2022-32995 PUBLISHED: 2022-06-27
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
User Rank: Ninja
3/17/2013 | 1:03:04 AM
It is funny how quick one will turn when faced with jail time. I think that Sabu's biggest contributions to the Feds were not the people he rolled on, but exposing the unknown vulnerabilities, and eliminating those threats. I like how it was pointed out that it is individuals and not computers that are responsible for these attacks. I believe that people associate computers with threats and vulnerabilities, although responsible for some security flaws, it is the intent of an individual behind the attacks. I understand that the Feds are responsible for arresting these hackers, but it would have been nice to know they caught them through forensics and not handed to them. That would have given me confidence in our defense, actually catching them by detecting and investigating then tracing these attacks to the individuals.
Paul Sprague
InformationWeek Contributor