Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2020-19038: Any file deletion in the background · Issue #136 · halo-dev/halo

File Deletion vulnerability in Halo 0.4.3 via delBackup.

CVE
Open in Source
#vulnerability#web#mac#apple#js#git#java#intel#chrome#webkit
CVE-2021-21779: TALOS-2021-1238 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.

CVE-2021-21775: TALOS-2021-1229 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

CVE-2021-21871: TALOS-2021-1308 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version.

CVE-2020-22164: GitHub - itodaro/PHPGurukul_Hospital_Management_System4.0_cve

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2020-20467: GitHub - itodaro/WhiteSharkSystem_cve

White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.

CVE-2021-33054: sogo/CHANGELOG.md at master · inverse-inc/sogo

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)

CVE-2021-20718: GitHub - zmartzone/mod_auth_openidc: OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

CVE-2020-27229: TALOS-2020-1205 || Cisco Talos Intelligence Group

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.