
Tag

#apple

CVE-2021-26948: SEGV on unknown address 0x000000000000 · Issue #410 · michaelrsweet/htmldoc

A null pointer dereference in htmldoc v1.9.11 and earlier may allow attackers to execute arbitrary code and cause a denial of service via a crafted HTML file.

CVE-2022-22700: CyberArk Identity Release Notes

CyberArk Identity versions up to and including 22.1 expose the response header 'X-CFY-TX-TM' in the 'StartAuthentication' resource. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.

CVE-2022-22706: Arm Security Updates | Mali GPU Driver Vulnerabilities – Arm Developer

An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function.

CVE-2022-24573: Element-IT software products news

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.

CVE-2022-23387: There is SQL blind injection at "Comment Update" · Issue #23 · taogogo/taocms

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.

CVE-2022-23380: There is SQL blind injection at "Admin Edit" · Issue #16 · taogogo/taocms

There is a SQL injection vulnerability in the background of taocms 3.0.2 in the parameter id: action=admin&id=2&ctrl=edit.

CVE-2022-26332: Offensive Security’s Exploit Database Archive

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.

CVE-2022-25148: WordPress Plugin WP Statistics <= 13.1.5 - Multiple Unauthenticated SQL Injection vulnerabilities

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.

CVE-2022-25307: WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting in platform

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.

CVE-2022-25149: WordPress Plugin WP Statistics >= 13.1.5 - Multiple Unauthenticated SQL Injection vulnerabilities

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.