Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged.
The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module.
In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability.
The directory support feature allows the ...
CVE-2021-23901PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532PUBLISHED: 2021-01-25When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution.
The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
User Rank: Apprentice
9/17/2015 | 12:16:11 PM
As seen from the hacker stuff, the weak point in all automotive electronics is the infotainment systems. They have not been protected as well as they should be, and they have been used along with in-depth research to reprogram the micros that are on the CAN bus and send erroneous messages. Harden the entry point (i.e. infotainment) and the rest will be fine.