Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-28200PUBLISHED: 2022-07-02
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can ext...
CVE-2022-32551PUBLISHED: 2022-07-02Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
CVE-2022-32411PUBLISHED: 2022-07-01An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412PUBLISHED: 2022-07-01An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903PUBLISHED: 2022-07-01GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
User Rank: Ninja
2/15/2013 | 6:23:03 PM
Correct me if I am
wrong but isnGÇÖt the leading threat for companies information security current
and former employees? -áI believe the lack
of knowledge that employees have regarding this policy is probably the leading
reason for the high percentages. I blame both the employer and employee. I
blame the employer for not properly training their employees that this is not a
practice they partake in and refer to the company policy. As far as employees
it is their responsibility to keep up to date with changes regarding their behaviors
in the office and what they are allowed and not allowed to do with their intellectual
property.
Paul Sprague
InformationWeek Contributor
-á