Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940PUBLISHED: 2021-03-03resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314PUBLISHED: 2021-03-03GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.
User Rank: Ninja
9/4/2015 | 5:39:26 AM
Another important factor: crisis response. Adobe presents a great example of what not to do. With their major breach a while back, the company first estimated that just under 3 million customers had been impacted. They later amended that number to at least 38 million. Eventually, it was revealed that more than 150 million customers' information was compromised.
Not good for business.