Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2021-22568: sdk/CHANGELOG.md at main · dart-lang/sdk

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0

CVE
#sql#vulnerability#web#ios#android#mac#windows#apple#google#linux#nodejs#js#git#java
CVE-2021-40282: ZZCMS2021 sqlinject(1)

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.

CVE-2021-40281: ZZCMS2021 sqlinject(2)

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.

CVE-2021-40280: ZZCMS2021 sqlinject(4)

An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.

CVE-2021-40279: ZZCMS2021 sqlinject(3)

An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.

CVE-2021-44148: Beau Graham

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.

CVE-2021-35414: Security issues - Chamilo LMS

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

CVE-2021-33271: IoT-poc/D-Link-DIR809/vuln11 at master · Lnkvct/IoT-poc

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.

CVE-2021-43687: GitHub - chamilo/chamilo-lms at v1.11.14

chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.

CVE-2021-42117: Release Notes - TopEase Documentation

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.