Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162PUBLISHED: 2021-01-15Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
User Rank: Strategist
6/10/2014 | 12:20:54 AM
you are trying to argue that the outcome of Snowden's actions...which you happen to approve...mitigate the transgressions. not going to fly. he signed an oath. he violated that oath and a multitude of security commitments with KNOWN penalties he agreed to IN ADVANCE of receiving access.
- his actions were pre-meditated
- the "weighting" seems to conveniently miss the fact that he exploited not only his employer/customer....but his teammates as well. the notion that he, in this instance, acted as a beacon of virtue is patently false.
- what NSA, any other organization or person has done is irrelevant to Snowden's culpability.
we can save for another time discussing the laughable circumstances of where he fled to and ensuing actions. yup...pure as a new-born baby's bottom!!
in the end...what you're really arguing is an ancient meme: the ends justify the means. I'd be careful with that one...it is, perhaps, too flexible a rule to live by.