Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged.
The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module.
In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability.
The directory support feature allows the ...
CVE-2021-23901PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532PUBLISHED: 2021-01-25When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution.
The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
User Rank: Apprentice
11/20/2013 | 1:04:25 PM
Of course before someone brands me as a bleeding heart for criminals, if the evidence that establishes them as suspects was not obtained with due process, it has to be discarded. Why? I'm thinking of the person who is pulled over for speeding, gets belligerent and suddenly everything on their personal device is on Twitter. Although it was stupid to make the police angry and get arrested, is it reasonable to assume everything on their smart phone is now discoverable? No crime ends up being found but revealing that private information could forever alter their life. It's not right if it's reasonable for a person in that situation to expect smart phone privacy as much as their own thoughts.