🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2020-13544 ‼

An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021's TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop's index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-13545 ‼

An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021's TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".
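The two TextMaker entries above (CVE-2020-13544 and CVE-2020-13545) are the same family of bug: a length field from the file is interpreted through a signed type, and the sign bit then either widens into a huge loop bound or slips past an upper-bound check so that the buffer allocated from it is far smaller than the copy that follows. The C example below is added here and is not SoftMaker's or the reporting vendor's code; it uses a constructed record format (a 16-bit little-endian length prefix followed by payload), an assumed 4-byte header and an assumed 4096-byte per-record limit, and shows both vulnerable shapes next to the hardened read that validates one unsigned length and reuses it for allocation and copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed, for illustration only: per-record policy limit and header size. */
#define MAX_RECORD_LEN 4096
#define HEADER_LEN 4

/* Constructed inputs: 16-bit little-endian length fields as they would sit in
 * a document, plus one benign and one crafted record ([u16 len][len bytes]). */
const uint8_t FIELD_FFF0[2] = { 0xF0, 0xFF };   /* 65520 unsigned, -16 signed */
const uint8_t FIELD_FFFF[2] = { 0xFF, 0xFF };   /* 65535 unsigned, -1 signed */
const uint8_t BENIGN_DOC[7] = { 0x05, 0x00, 'h', 'e', 'l', 'l', 'o' };
const uint8_t CRAFTED_DOC[3] = { 0xF0, 0xFF, 'x' };

static uint16_t read_u16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Pattern 1 (the CVE-2020-13544 shape): the field is read through a signed
 * 16-bit type, so 0xFFF0 becomes -16; widening that to size_t for a loop bound
 * yields SIZE_MAX - 15, and a loop terminated by it runs off the buffer. */
size_t loop_bound_vulnerable(const uint8_t *field)
{
    int16_t n = (int16_t)read_u16(field);
    return (size_t)n;
}

/* Pattern 2 (the CVE-2020-13545 shape): a signed length passes the upper-bound
 * check because a negative value is "less than" the limit, and the allocation
 * derived from it is tiny (3 bytes here) while the later copy would use the
 * raw 65535-byte field value. */
size_t alloc_size_vulnerable(const uint8_t *field)
{
    int n = (int16_t)read_u16(field);
    if (n > MAX_RECORD_LEN)
        return 0;                        /* -1 passes this check */
    return (size_t)(n + HEADER_LEN);     /* 0xFFFF -> 3, not 65539 */
}

/* Hardened: read unsigned, check against both the policy limit and the bytes
 * actually remaining in the document, and hand back one validated value that
 * is used for both the allocation and the copy. 0 on success, -1 on error. */
int record_len_safe(const uint8_t *field, size_t remaining, size_t *len_out)
{
    uint16_t n = read_u16(field);
    if (n > MAX_RECORD_LEN || n > remaining)
        return -1;
    *len_out = n;
    return 0;
}

/* Copies one record into a freshly allocated HEADER_LEN + len buffer.
 * Returns the payload length copied, or -1 if the record is malformed. */
int copy_record_safe(const uint8_t *doc, size_t doc_len, uint8_t **out)
{
    size_t n;
    uint8_t *buf;
    if (doc_len < 2 || record_len_safe(doc, doc_len - 2, &n) != 0)
        return -1;
    buf = malloc(HEADER_LEN + n);        /* n <= 4096, so this cannot wrap */
    if (buf == NULL)
        return -1;
    memset(buf, 0, HEADER_LEN);
    memcpy(buf + HEADER_LEN, doc + 2, n);
    *out = buf;
    return (int)n;
}

/* Wrapper so the outcome of the safe path on each input is a plain value. */
int safe_copy_len(const uint8_t *doc, size_t doc_len)
{
    uint8_t *buf = NULL;
    int n = copy_record_safe(doc, doc_len, &buf);
    free(buf);
    return n;
}

int main(void)
{
    printf("vulnerable loop bound for 0xFFF0: %zu\n", loop_bound_vulnerable(FIELD_FFF0));
    printf("vulnerable alloc size for 0xFFFF: %zu\n", alloc_size_vulnerable(FIELD_FFFF));
    printf("safe copy of benign record: %d bytes\n", safe_copy_len(BENIGN_DOC, sizeof BENIGN_DOC));
    printf("safe copy of crafted record: %d\n", safe_copy_len(CRAFTED_DOC, sizeof CRAFTED_DOC));
    return 0;
}
```

The hardened path checks the length against the bytes that actually remain in the input, not only against a policy maximum; that second check is what stops a well-formed-looking length from reading or writing past the end of the file buffer even when the signedness bug is absent.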
‼ CVE-2020-36174 ‼

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-27285 ‼

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-36172 ‼

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-36175 ‼

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-36173 ‼

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-8160 ‼

MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-36176 ‼

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-36177 ‼

RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.

📖 Read

via "National Vulnerability Database".
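The wolfSSL entry above is about EMSA-PSS encoding, where the sizes of the hash, the salt and the encoded message are tied together by the key size: RFC 8017 section 9.1.1 (step 3) requires emLen >= hLen + sLen + 2, with emLen = ceil((modBits - 1) / 8), and an encoder that lays out PS, the 0x01 separator, the salt and H without first checking that relationship ends up with wrapped-around lengths and writes past the buffer for small keys paired with large digests. The C example below is added here and is not wolfSSL's code; it only does the length bookkeeping (no hashing or MGF1 masking), so it can be dropped in front of any PSS encoder as a precondition check. The digest lengths are the fixed output sizes of SHA-256/384/512.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Digest output lengths in bytes (fixed by the hash functions themselves). */
enum { SHA256_LEN = 32, SHA384_LEN = 48, SHA512_LEN = 64 };

typedef struct {
    size_t em_len;   /* encoded message EM = maskedDB || H || 0xBC */
    size_t db_len;   /* DB = PS || 0x01 || salt, i.e. em_len - h_len - 1 */
    size_t ps_len;   /* zero padding inside DB: em_len - s_len - h_len - 2 */
} pss_layout_t;

/* EMSA-PSS layout (RFC 8017, 9.1.1) for a modulus of mod_bits bits, a digest
 * of h_len bytes and a salt of s_len bytes. Returns 0 when the encoding fits
 * and fills *out; returns -1 for the "encoding error" case, in which a caller
 * must stop before writing PS, 0x01, the salt or H. */
int pss_layout(size_t mod_bits, size_t h_len, size_t s_len, pss_layout_t *out)
{
    size_t em_len;
    if (mod_bits < 2 || h_len == 0 || out == NULL)
        return -1;
    em_len = (mod_bits - 1 + 7) / 8;              /* ceil((modBits - 1) / 8) */
    /* Step 3: EM must hold H, the salt, the 0x01 separator and the 0xBC byte.
     * Subtracting blindly here is where an unchecked encoder wraps around. */
    if (em_len < h_len + s_len + 2)
        return -1;
    out->em_len = em_len;
    out->db_len = em_len - h_len - 1;
    out->ps_len = em_len - s_len - h_len - 2;
    return 0;
}

/* Encoded-message length for a modulus size, independent of the digest. */
size_t pss_em_len(size_t mod_bits)
{
    return (mod_bits - 1 + 7) / 8;
}

/* 1 if EMSA-PSS encoding is possible for this combination, else 0. */
int pss_fits(size_t mod_bits, size_t h_len, size_t s_len)
{
    pss_layout_t l;
    return pss_layout(mod_bits, h_len, s_len, &l) == 0;
}

/* Length of the zero padding PS, or -1 when the encoding does not fit. */
long pss_ps_len(size_t mod_bits, size_t h_len, size_t s_len)
{
    pss_layout_t l;
    return pss_layout(mod_bits, h_len, s_len, &l) == 0 ? (long)l.ps_len : -1;
}

int main(void)
{
    /* Table for the common choice sLen == hLen across key and digest sizes. */
    const size_t keys[] = { 1024, 2048, 3072, 4096 };
    const size_t digests[] = { SHA256_LEN, SHA384_LEN, SHA512_LEN };
    size_t i, j;
    printf("modBits  emLen  SHA-256  SHA-384  SHA-512   (PS length or error)\n");
    for (i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        printf("%7zu  %5zu", keys[i], pss_em_len(keys[i]));
        for (j = 0; j < sizeof digests / sizeof digests[0]; j++) {
            long ps = pss_ps_len(keys[i], digests[j], digests[j]);
            if (ps < 0)
                printf("  %7s", "error");
            else
                printf("  %7ld", ps);
        }
        printf("\n");
    }
    return 0;
}
```

With the default salt length equal to the digest length, a 1024-bit key cannot carry SHA-512 at all (64 + 64 + 2 = 130 bytes needed, 128 available), while SHA-384 still fits with 30 bytes of PS; the same key with SHA-512 and a zero-length salt is legal again. A signer should reject the combination up front rather than rely on the encoder to notice.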
‼ CVE-2012-10001 ‼

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-36171 ‼

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-27279 ‼

A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).

📖 Read

via "National Vulnerability Database".
⚠ Zyxel hardcoded admin password found – patch now! ⚠

Hardcoded passwords are always wrong - they are equivalent to implanting a global backdoor and hoping no one will find it.

📖 Read

via "Naked Security".
🦿 Linux: How to create a new user with admin privileges 🦿

Adding a user with admin privileges on Linux is easier than you think. Jack Wallen shows you how.

📖 Read

via "Tech Republic".
๐Ÿ” NSA Provides Direction on Eliminating Obsolete Encryptionn Protocols ๐Ÿ”

Moving on from old, out-of-date encryption protocols can protect sensitive and valuable data from being accessed by adversaries, the NSA reiterated this week.

๐Ÿ“– Read

via "Digital Guardian".
‼ CVE-2020-5105 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-5106 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2019-16962 ‼

Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-5104 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-5102 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

📖 Read

via "National Vulnerability Database".