Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26814PUBLISHED: 2021-03-06
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service sc...
CVE-2021-27581PUBLISHED: 2021-03-05The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-28042PUBLISHED: 2021-03-05Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041PUBLISHED: 2021-03-05ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377PUBLISHED: 2021-03-05The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
User Rank: Ninja
2/28/2019 | 9:35:01 PM
Yes there are deficiencies. But I believe it to be a better allocation of funding to try and create more proficient and consistent coding then trying to throw bodies at it retroactively for review. I understand that if there is a shortage in one security facet then it may persist into others. But coders and app dev individuals that could be helpful in this endeavor are not part of that shortage.
Respectfully, I understand your inquiry. But I'm an Security Engineer. Crafting solutions is part of my day to day and this is again just one person's opinion at a plausible solution. Without attempting any solutions, we will all pontificate until this article is re-written in the years to come.