Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
User Rank: Apprentice
8/28/2012 | 2:03:26 AM
All throughout history, there have been things going on that the average Joe or Jane on the street don't know about but should be thankful for - things that their country is doing to protect them, whether they approve or disapprove of it.
Kaspersky's a funny guy here - sure, go ahead, ban malware. Doesn't that put him out of business? And as other posters have mentioned, sure, you can have every country on the face of the planet sign a treaty saying that they won't develop or use malware - but that doesn't keep a 14 year old kid from sitting down and learning assembly, C, or any other language and building something that could obliterate a network. No, a treaty, while nice on paper... exists only on paper.
Having malware banned leads to a false sense of security - sure, let's ban it... and forget how to defend against it. Then when the next attack happens, it's magnitudes worse. And the next attack will happen, it's just a matter of when. You have to be ready for it... and a treaty is not going to do much to help prevent an attack or clean up after one.
Andrew Hornback
InformationWeek Contributor