🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-40537

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.

📖 Read

via "National Vulnerability Database".
118 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-38388

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.

📖 Read

via "National Vulnerability Database".
117 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-31274

In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.

📖 Read

via "National Vulnerability Database".
127 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-36215

LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.

📖 Read

via "National Vulnerability Database".
124 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-36216

LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection.

📖 Read

via "National Vulnerability Database".
131 views
🛡 Cybersecurity & Privacy 🛡 - News
What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast

There are a lot of "tells" that the ransomware group doesn't understand how negotiators work, despite threatening to dox data if victims call for help.

📖 Read

via "Threat Post".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-40797

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

📖 Read

via "National Vulnerability Database".
120 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-19137

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

📖 Read

via "National Vulnerability Database".
112 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-36440

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.

📖 Read

via "National Vulnerability Database".
113 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-19138

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".

📖 Read

via "National Vulnerability Database".
110 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-26772

Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.

📖 Read

via "National Vulnerability Database".
134 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-40812

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-30605

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

📖 Read

via "National Vulnerability Database".
156 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 Enhancing cybersecurity skills for the entire workforce must be a priority for cyber-resilience 🦿

Technology is not the only answer: An expert suggests improving the human cyber capacity of a company's workforce plus cybersecurity technology offers a better chance of being safe.

📖 Read

via "Tech Republic".
TechRepublic
Enhancing cybersecurity skills for the entire workforce must be a priority for cyber-resilience
Technology is not the only answer: An expert suggests improving the human cyber capacity of a company's workforce plus cybersecurity technology offers a better chance of being safe.
250 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-40814

The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.

📖 Read

via "National Vulnerability Database".
255 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-40818

scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.

📖 Read

via "National Vulnerability Database".
261 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-34786

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

📖 Read

via "National Vulnerability Database".
224 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-30294

Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".
214 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-1952

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-34785

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

📖 Read

via "National Vulnerability Database".
147 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-30295

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
130 views