Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807 | PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650 | PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536 | PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643 | PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652 | PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
User Rank: Strategist
10/16/2019 | 11:49:44 AM
I am about to have a big challenge internally where my organization needs a security analysis for log analysis and basic threat hunting. I am recommending someone with social science, social service, or related field of study with the passion to learn cybersecurity. However, HR has their templates and they tend not to be flexible. My idea is for selected candidates to self-study for CompTIA Security+ online course material 30 days prior to the interview, and the interview would cover questions in cybersecurity in relation to the job description. A candidate who can not only articulate cybersecurity basics but also correlate with their field of study or experience (plus show passion) would be someone I wish to hire, because she/he wants to learn and apply their skills. Don't forget that fundamentally, cybersecurity is in response to a human attacking another human in cyberspace. I would rather have someone who understands the human and can relate to cybersecurity topics, rather than someone who is just purely technical. That to me is worth more than someone with just a cert.