Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Red Hat Security Advisory 2021-4044-01

Red Hat Security Advisory 2021-4044-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Issues addressed include a bypass vulnerability.

Packet Storm
Open in Source
#vulnerability#red_hat#dos#ubuntu#dos#vulnerability#red_hat#vulnerability#vulnerability#vulnerability#web#red_hat#vulnerability#linux#red_hat#vulnerability#red_hat#java#git#vulnerability#ubuntu#sql#vulnerability#vulnerability#red_hat#dos#red_hat#vulnerability#vulnerability#mac#red_hat#web#ubuntu#dos#java#vulnerability#red_hat#vulnerability#linux#red_hat#vulnerability#linux#red_hat
Data breach at US healthcare provider Viverant PT impacts more than 6,500 patients

Minnesota healthcare provider hit by cyber-attack A data breach at a physical therapy center based in the US has breached the personal data of more than 6,500 patients. Viverant PT, based in Minneapol

CVE-2021-41187: Build software better, together

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. However, we strongly recommend that all DHIS2 implementations using versions 2.32, 2.33, 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one ...

CVE-2021-31849: Security Bulletin - Data Loss Prevention ePO extension update fixes two vulnerabilities (CVE-2021-31848 and CVE-2021-31849)

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.

CVE-2021-26739: There is a sqli vulnerability in pay.php,No admin user login required · Issue #5 · millken/doyocms

SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.

CVE-2020-28702: SQL injection vulnerability in version 5.2.1 · Issue #137 · tomoya92/pybbs

A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information.

CVE-2021-25874

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)