Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632PUBLISHED: 2021-05-15A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073PUBLISHED: 2021-05-15DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033PUBLISHED: 2021-05-14The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034PUBLISHED: 2021-05-14In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044PUBLISHED: 2021-05-14The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
0 Comments
Tweet This
User Rank: Strategist
3/31/2017 | 4:31:33 PM
The proposition that a "30%" failure rate is a realiable benchmark for a universal catch-all benchmark for "traditional AV" - whatever that is nowadays - sounds pretty high to me.
And that "30%" is "new"? "Zero-day" ?
Presumably that 30% includes stuff with the tiniest of code deviations from a long established malware family? Is that really 'new' ?
There's certainly the core of a decent case here. I'm good with that.
Seems to me there's a bit of 'amplification' going on as well, though.