Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28488 (PUBLISHED: 2021-01-22): This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.
CVE-2021-22847 (PUBLISHED: 2021-01-22): Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
CVE-2021-22849 (PUBLISHED: 2021-01-22): Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
CVE-2020-8567 (PUBLISHED: 2021-01-21): Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568 (PUBLISHED: 2021-01-21): Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
User Rank: Apprentice
7/16/2014 | 10:34:42 AM
I'm part of a growing group of security researchers called I Am The Cavalry and we are pushing for exactly these sorts of collaborations between the research community and manufacturers. So far the people we have talked to in those organizations have been interested in working together but there are few mechanisms to do so. Hopefully this ISAC can serve some of that function.