Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-23359
PUBLISHED: 2021-01-27

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check whether the two submitted passwords are identical. Two non-identical passwords can still pass the check.

CVE-2020-23360
PUBLISHED: 2021-01-27

oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php.

CVE-2020-23361
PUBLISHED: 2021-01-27

phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

CVE-2021-25311
PUBLISHED: 2021-01-27

condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.

CVE-2021-25312
PUBLISHED: 2021-01-27

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.
