Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23347PUBLISHED: 2021-03-03The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
CVE-2021-25315PUBLISHED: 2021-03-03
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 ...
CVE-2021-27921PUBLISHED: 2021-03-03Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
CVE-2021-27922PUBLISHED: 2021-03-03Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
CVE-2021-27923PUBLISHED: 2021-03-03Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
User Rank: Apprentice
5/20/2019 | 10:27:09 AM
There is always resistance to any novel idea to get people in to the Security (or IT) field, even if it's entry level and even if it's capturing people already skilled in other areas. That's entirely predictable if we understand that we all self-justify and think the only path that is "good" is the one we took. You see those arguments constantly re: degress are good vs. bad, certs are good vs. bad, etc. So unless YOU had something like a 3-4 month boot camp on ramp then it sounds like a bad idea? "It's not how I did it!" crows the peacock! We need to realize how other people get into the field doesn't undermine our achievements and get over it. Then there is the whole fear of competition, change, or whatever. The Security field has a lot of change and competition in it... so let's get past that and just pull up our big people pants. Get to work solving the problem instead of causing more resistance.
One of the key global competitve advantages is getting ALL your smart people working on tough problems, as opposed to letting societal frameworks narrowly restrict your talent pool. Being good at Security has little to do with a demographic, because your individual characterists (e.g. persistence, analytics, vision, etc.) that make you good at this line of work (or not) always trumps any generic demographic stereotypes. So a targeted outreach to attract an otherwise alienated talent pool (and half the population at that) is a good idea if it brings more smart, talented, and competent people to work on Security problems, right?