Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26961PUBLISHED: 2021-03-05
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a ...
CVE-2021-26962PUBLISHED: 2021-03-05
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could a...
CVE-2020-29134PUBLISHED: 2021-03-05TOTVS Fluig Luke platform allows directory traversal via a base64 encoded file=../ to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217 Fluig Lake 1.7.0-210112 Fluig Lake 1.7.0-201215 Fluig Lake 1.7.0-201124 Fluig Lake 1.7.0-200915
CVE-2021-26960PUBLISHED: 2021-03-05
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a ...
CVE-2021-28026PUBLISHED: 2021-03-05jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.
User Rank: Ninja
7/16/2014 | 9:52:35 AM
Automobile computer environments are really just a microcosm of IT infrastructures we see in organizations. They are comprised of multiple computers, each with their own functions, and most of them communicate with each other via a data network. Shouldn't we see proper segmentation and layered security within those automobile computer systems, in the same way we see them in our organizational computing environments? I realize that additional layers of security incur additional expense, and impact automated decisions cricital in the safe operation of the vehicle, but certainly the scenario above, and other, more potentially damaging scenarios justify the need.
I certainly hope that automobile systems security isn't treated in the same way that King Roland secured their "air shield", prompting Dark Helmet's comment "So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"