Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25252PUBLISHED: 2021-03-03Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2021-26813PUBLISHED: 2021-03-03markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
CVE-2021-27215PUBLISHED: 2021-03-03
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the...
CVE-2021-3419PUBLISHED: 2021-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2020-15937PUBLISHED: 2021-03-03An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.
User Rank: Apprentice
5/20/2019 | 10:27:09 AM
There is always resistance to any novel idea to get people in to the Security (or IT) field, even if it's entry level and even if it's capturing people already skilled in other areas. That's entirely predictable if we understand that we all self-justify and think the only path that is "good" is the one we took. You see those arguments constantly re: degress are good vs. bad, certs are good vs. bad, etc. So unless YOU had something like a 3-4 month boot camp on ramp then it sounds like a bad idea? "It's not how I did it!" crows the peacock! We need to realize how other people get into the field doesn't undermine our achievements and get over it. Then there is the whole fear of competition, change, or whatever. The Security field has a lot of change and competition in it... so let's get past that and just pull up our big people pants. Get to work solving the problem instead of causing more resistance.
One of the key global competitve advantages is getting ALL your smart people working on tough problems, as opposed to letting societal frameworks narrowly restrict your talent pool. Being good at Security has little to do with a demographic, because your individual characterists (e.g. persistence, analytics, vision, etc.) that make you good at this line of work (or not) always trumps any generic demographic stereotypes. So a targeted outreach to attract an otherwise alienated talent pool (and half the population at that) is a good idea if it brings more smart, talented, and competent people to work on Security problems, right?