Malware Devil

Monday, April 26, 2021

Apple Patches Serious MacOS Security Flaw

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-29474
PUBLISHED: 2021-04-26

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server’s filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can …

CVE-2021-22669
PUBLISHED: 2021-04-26

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an admini…

CVE-2021-29473
PUBLISHED: 2021-04-26

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadat…

CVE-2021-29475
PUBLISHED: 2021-04-26

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, therefore this exploit requires the attacker's ability to…

CVE-2021-31646
PUBLISHED: 2021-04-26

Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php – it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack.




https://malwaredevil.com/2021/04/26/apple-patches-serious-macos-security-flaw-2/?utm_source=rss&utm_medium=rss&utm_campaign=apple-patches-serious-macos-security-flaw-2
