Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23134PUBLISHED: 2021-05-12Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.2 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
CVE-2021-23135PUBLISHED: 2021-05-12Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.
CVE-2020-28722PUBLISHED: 2021-05-12Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates.
CVE-2020-18165PUBLISHED: 2021-05-12Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
CVE-2020-19275PUBLISHED: 2021-05-12An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path.
0 Comments
Tweet This
User Rank: Ninja
3/29/2017 | 8:44:58 PM
Of course, saying one thing and actually doing it are two completely different things. (I also strongly suspect that the EU will be harsher to US companies than European companies -- or possibly even other non-European countries.)
Take VW, for instance, and the regulatory scandal that emerged when it was discovered that VW had been misrepresenting facts about its diesel vehicles. The amount the US government could have fined VW at maximum would almost certainly have bankrupted and destroyed VW. That, of course, did not happen.