Security CERT Global

    • CVE-2020-4766
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending ... read more
    • CVE-2020-12512
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ... read more
    • CVE-2020-12514
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a ... read more
    • CVE-2020-12525
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data ... read more
    • CVE-2021-21260
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers ... read more
    • CVE-2021-21270
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server ... read more
    • CVE-2020-28487
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element ... read more
    • CVE-2020-12511
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web ... read more
    • CVE-2020-12513
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ... read more
    • CVE-2021-21259
      Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker ... read more
    • CVE-2021-25177 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ... read more
    • CVE-2020-4983 (spectrum_lsf, spectrum_lsf_suite)
      IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM ... read more
    • CVE-2021-25176 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ... read more
    • CVE-2020-4887 (aix, vios)
      IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM ... read more
    • CVE-2020-28707 (stockdio_historical_chart)
      The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. ... read more
    • CVE-2021-25178 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. ... read more
    • CVE-2020-28480 (jointjs)
      The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading ... read more
    • CVE-2020-27733 (manageengine_applications_manager)
      Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. ... read more
    • CVE-2020-23342 (anchor_cms)
      A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. ... read more
    • CVE-2020-28479 (jointjs)
      The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function. ... read more
    • CVE-2020-12513
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ... read more
    • CVE-2020-12514
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd ... read more
    • CVE-2020-12511
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. ... read more
    • CVE-2020-12525
      M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. ... read more
    • CVE-2020-12512
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ... read more
    • CVE-2021-2087 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ... read more
    • CVE-2021-2076 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2070 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2046 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2081 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2058 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2055 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2088 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ... read more
    • CVE-2021-2036 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2038 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker ... read more
    • CVE-2021-2048 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2072 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2061 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2030 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2042 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to ... read more
    • CVE-2021-2060 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable ... read more
    • CVE-2021-2122 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2032 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low ... read more
    • CVE-2021-2056 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2031 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-21260
      Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a ... read more
    • CVE-2020-4766
      IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. ... read more
    • CVE-2021-21270
      OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a ... read more
    • CVE-2021-21259
      HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is ... read more
    • CVE-2020-28487
      This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application. ... read more

Competitive Intelligence – CI For Beginners Part 2: Engaging the Process

How do we take this academic model of intelligence, and put it to work?

 

…Each path you decide to take will come with its own learning curve and challenges, but ultimately, your outcome is 100% yours to create. That said, lots of people say “I do competitive intelligence!” and act like it exists in a silo. If we are brutally, completely honest, you will have absolutely zero understanding of the competitors if you don’t also understand your market and industries, your clients/customers and other sociological, economic, and political forces at play….

 

Victoria Richard Article: https://medium.com/@tell_victoria/ci-for-beginners-part-2-engaging-the-process-ebd3d4e64bbc

 

Tags: Competitive Intelligence,