Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940PUBLISHED: 2021-03-03resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314PUBLISHED: 2021-03-03GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.
User Rank: Apprentice
7/24/2020 | 5:26:05 AM
I nearly didn't comment on this article but then I'm not standing in the gap and speaking up about this issue and then I become part of the problem.
If a tool is selected on its ability to fulfill a need/remove a pain point first, followed by how much then we should be looking at our data/need/pain point before we even start and if our data/need/pain point isn't diverse then we're not fulfilling the need - we're missing HUGE groups of people and HUGE groups of issues that we're not looking into/responding to.
I find it ironic that the article finishes with Stewart leading a discussion session at Black Hat USA Virtual - that's a whole other topic of conversation but at least there's a discussion about systemic racism.