Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

CVE-2020-15020: Elementor Website Builder – More than Just a Page Builder

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#android#mac#windows#apple#google#js#git#wordpress#php#perl#acer#auth#chrome#webkit#firefox#sap#ssl
CVE-2020-13753: security - WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

CVE-2020-9839: About the security content of iOS 13.5 and iPadOS 13.5

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

CVE-2020-13388: Joel

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

CVE-2020-9004: Disclosures/CVE-2020-9004-Authenticated Remote Authorization Bypass Leading to RCE-Wowza at master · DrunkenShells/Disclosures

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5.

CVE-2020-3885: About the security content of tvOS 13.4

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

CVE-2020-3909: About the security content of macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

CVE-2020-3878: About the security content of iTunes 12.10.7 for Windows

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2019-8674: About the security content of Safari 13

A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2019-8719: About the security content of iTunes 12.10.1 for Windows

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.