🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2020-27818 ‼

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-27822 ‼

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25677 ‼

Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions, allowing any user to read the sensitive information within.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25629 ‼

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25631 ‼

A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25628 ‼

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

📖 Read

via "National Vulnerability Database".
⚠ Vishing criminals let rip with two scams at once ⚠

It would be funny if it weren't a crime.

📖 Read

via "Naked Security".
🕴 Attackers Know Microsoft 365 Better Than You Do 🕴

Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.

📖 Read

via "Dark Reading".
‼ CVE-2020-29539 ‼

A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25889 ‼

A SQL injection vulnerability in Online Bus Booking System Project Using PHP/MySQL version 1.0 allows remote attackers to bypass authentication and execute arbitrary SQL commands.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25955 ‼

There is a cross-site scripting (XSS) vulnerability in SourceCodester Student Management System Project in PHP 1.0 via the 'add subject' tab.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-29540 ‼

API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of whether a web service is running on the destination port.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-17531 ‼

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.

📖 Read

via "National Vulnerability Database".
🦿 How the coronavirus outbreak will affect cybersecurity in 2021 🦿

Ensuring security for employees working remotely was cited as the biggest challenge going into the new year, says Check Point.

📖 Read

via "Tech Republic".
❌ Adobe Warns Windows, macOS Users of Critical-Severity Flaws ❌

Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom.

📖 Read

via "Threat Post".
🛠 OpenSSL Toolkit 1.1.1i 🛠

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography worldwide.

📖 Read

via "Packet Storm Security".
‼ CVE-2020-29575 ‼

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-26255 ‼

Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14, an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access *cannot* use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability. Note: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend upgrading your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend updating to Kirby 2.5.14.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-29564 ‼

The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Systems using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-29579 ‼

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-29580 ‼

The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".