Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

CVE-2020-9967: About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVE
Open in Source
#xss#web#ios#mac#apple#google#cisco#dos#js#git#intel#buffer_overflow#alibaba#auth#zero_day#ruby#webkit#wifi
CVE-2021-1772: About the security content of iOS 14.4 and iPadOS 14.4

A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.

CVE-2020-13558: TALOS-2020-1172 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.

CVE-2021-22877: Wrong (malformed) external storage credentials saved in `oc_storages_credentials` · Issue #24600 · nextcloud/server

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.

CVE-2020-13550: TALOS-2020-1168 || Cisco Talos Intelligence Group

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.

CVE-2020-35416: PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting ≈ Packet Storm

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.

CVE-2020-7793: Fix ReDoS vulnerabilities reported by Snyk · faisalman/ua-parser-js@6d1f26d

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

CVE-2020-9945: About the security content of macOS Big Sur 11.0.1

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.

CVE-2020-9942: About the security content of Safari 13.1.2

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.

CVE-2020-9943: About the security content of watchOS 7.0

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.