๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-3633 โ€ผ

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.

๐Ÿ“– Read

via "National Vulnerability Database".
178 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-3615 โ€ผ

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.

๐Ÿ“– Read

via "National Vulnerability Database".
170 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-3616 โ€ผ

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.

๐Ÿ“– Read

via "National Vulnerability Database".
157 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-32829 โ€ผ

ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell sandbox. The REST API exposes the GET zstack/v1/batch-queries?script endpoint which is backed up by the BatchQueryAction class. Messages are represented by the APIBatchQueryMsg, dispatched to the QueryFacadeImpl facade and handled by the BatchQuery class. The HTTP request parameter script is mapped to the APIBatchQueryMsg.script property and evaluated as a Groovy script in BatchQuery.query the evaluation of the user-controlled Groovy script is sandboxed by SandboxTransformer which will apply the restrictions defined in the registered (sandbox.register()) GroovyInterceptor. Even though the sandbox heavily restricts the receiver types to a small set of allowed types, the sandbox is non effective at controlling any code placed in Java annotations and therefore vulnerable to meta-programming escapes. This issue leads to post-authenticated remote code execution. For more details see the referenced GHSL-2021-065. This issue is patched in versions 3.8.21, 3.10.8, and 4.1.0.

๐Ÿ“– Read

via "National Vulnerability Database".
160 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-3617 โ€ผ

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.

๐Ÿ“– Read

via "National Vulnerability Database".
173 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2020-28846 โ€ผ

Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.

๐Ÿ“– Read

via "National Vulnerability Database".
170 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-3458 โ€ผ

The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified.

๐Ÿ“– Read

via "National Vulnerability Database".
168 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿฆฟ Data privacy is a growing concern for more consumers ๐Ÿฆฟ

People surveyed by KPMG reported feeling increasingly uneasy about the data collection practices of corporations.

๐Ÿ“– Read

via "Tech Republic".
TechRepublic
Data privacy is a growing concern for more consumers | TechRepublic
People surveyed by KPMG reported feeling increasingly uneasy about the data collection practices of corporations.
224 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โŒ The Overlooked Security Risks of The Cloud โŒ

Nate Warfield, CTO of Prevaliion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.

๐Ÿ“– Read

via "Threat Post".
Threat Post
The Overlooked Security Risks of The Cloud
Nate Warfield, CTO of Prevailion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.
175 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿฆฟ Data privacy laws are constantly changing: Make sure your business is up to date ๐Ÿฆฟ

Lawyer who specializes in data privacy discusses the importance of knowing the law no matter what size business you operate.

๐Ÿ“– Read

via "Tech Republic".
TechRepublic
Data privacy laws are constantly changing: Make sure your business is up to date
Lawyer who specializes in data privacy discusses the importance of knowing the law no matter what size business you operate.
166 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿฆฟ Lawyer discusses the evolving data privacy laws for businesses ๐Ÿฆฟ

Every size company should know the laws regarding data privacy to avoid legal issues. Here's why it's important.

๐Ÿ“– Read

via "Tech Republic".
TechRepublic
Lawyer discusses the evolving data privacy laws for businesses
Every size company should know the laws regarding data privacy to avoid legal issues. Here's why it's important.
145 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-0642 โ€ผ

In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149

๐Ÿ“– Read

via "National Vulnerability Database".
132 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-39242 โ€ผ

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

๐Ÿ“– Read

via "National Vulnerability Database".
128 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-32830 โ€ผ

The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE.

๐Ÿ“– Read

via "National Vulnerability Database".
121 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-0573 โ€ผ

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231635

๐Ÿ“– Read

via "National Vulnerability Database".
114 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-22156 โ€ผ

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerryร‚ยฎ QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

๐Ÿ“– Read

via "National Vulnerability Database".
110 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-0574 โ€ผ

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187234876

๐Ÿ“– Read

via "National Vulnerability Database".
110 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-29056 โ€ผ

Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.

๐Ÿ“– Read

via "National Vulnerability Database".
103 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-0581 โ€ผ

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231638

๐Ÿ“– Read

via "National Vulnerability Database".
102 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-0639 โ€ผ

In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551

๐Ÿ“– Read

via "National Vulnerability Database".
103 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-39241 โ€ผ

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example.

๐Ÿ“– Read

via "National Vulnerability Database".
105 views