Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3326PUBLISHED: 2021-01-27The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2021-22641PUBLISHED: 2021-01-27A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22653PUBLISHED: 2021-01-27Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22655PUBLISHED: 2021-01-27Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-26276PUBLISHED: 2021-01-27** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.
User Rank: Ninja
6/9/2017 | 3:28:33 PM
Condolences, though, on your role as an investigator. It seems it must be hard being an investigator in software security if you are not the one defining who you take down. Like law enforcement, the judicial system, and financial industries, there are countless gray areas in InfoSec. How do you know who to arrest, who to prosecute, and who is better to let go in favor of bigger fish.
Cyber criminals come in all shapes and sizes, too. Some can be tracked and taken down with little resistance while others are part of a larger "army" who can be unforgiving once they know you have them in your sights.
But kudos again for giving back, and digging under the casing. With a focus on code, perhaps you'll be in better shape than as an investigator. Don't get me wrong, boy do we need InfoSec investigative work. But I don't envy those who do it.
Nice to see a personal story once in a while here on DR.