Cyber Security

Tulsa Deals With Aftermath of Ransomware Attack

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-28588
PUBLISHED: 2021-05-10

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s l…

CVE-2021-21428
PUBLISHED: 2021-05-10

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation proces…

CVE-2021-29022
PUBLISHED: 2021-05-10

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.

CVE-2020-27226
PUBLISHED: 2021-05-10

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2020-27229
PUBLISHED: 2021-05-10

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authentic…



 Source link

Back to top button
SoundCloud To Mp3