safari vulnerabilities and exploits

4
CVSSv2
CVE-2019-13385

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log....

Centos-webpanelCentos Web Panel
5.8
CVSSv2
CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox <...

6.8
CVSSv2
CVE-2018-17462

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page....

6.4
CVSSv2
CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the...

3.3
CVSSv2
CVE-2018-3055

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM...

OracleVm Virtualbox
4.1
CVSSv2
CVE-2018-2698

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...

OracleVm Virtualbox
4.6
CVSSv2
CVE-2018-2860

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure...

OracleVm Virtualbox
6.5
CVSSv2
CVE-2019-13978

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request....

3.5
CVSSv2
CVE-2019-13977

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=....

Ovidentia
NA
CVE-2019-8647

Apple watchOS could allow a remote attacker to execute arbitrary code on the system, caused by an use-after-free flaw in the Core Data component. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on...