Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-20099PUBLISHED: 2022-06-27A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.
CVE-2022-2221PUBLISHED: 2022-06-27Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
CVE-2022-28622PUBLISHED: 2022-06-27A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.
CVE-2022-31034PUBLISHED: 2022-06-27
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in paramete...
CVE-2022-31035PUBLISHED: 2022-06-27
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with th...
User Rank: Apprentice
5/20/2019 | 10:27:09 AM
There is always resistance to any novel idea to get people in to the Security (or IT) field, even if it's entry level and even if it's capturing people already skilled in other areas. That's entirely predictable if we understand that we all self-justify and think the only path that is "good" is the one we took. You see those arguments constantly re: degress are good vs. bad, certs are good vs. bad, etc. So unless YOU had something like a 3-4 month boot camp on ramp then it sounds like a bad idea? "It's not how I did it!" crows the peacock! We need to realize how other people get into the field doesn't undermine our achievements and get over it. Then there is the whole fear of competition, change, or whatever. The Security field has a lot of change and competition in it... so let's get past that and just pull up our big people pants. Get to work solving the problem instead of causing more resistance.
One of the key global competitve advantages is getting ALL your smart people working on tough problems, as opposed to letting societal frameworks narrowly restrict your talent pool. Being good at Security has little to do with a demographic, because your individual characterists (e.g. persistence, analytics, vision, etc.) that make you good at this line of work (or not) always trumps any generic demographic stereotypes. So a targeted outreach to attract an otherwise alienated talent pool (and half the population at that) is a good idea if it brings more smart, talented, and competent people to work on Security problems, right?