🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41976 ‼

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.

📖 Read

via "National Vulnerability Database".
120 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41563 ‼

Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.

📖 Read

via "National Vulnerability Database".
125 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41568 ‼

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.

📖 Read

via "National Vulnerability Database".
124 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-32029 ‼

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

📖 Read

via "National Vulnerability Database".
125 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-20600 ‼

Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up.

📖 Read

via "National Vulnerability Database".
131 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41565 ‼

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.

📖 Read

via "National Vulnerability Database".
138 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41918 ‼

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page.

📖 Read

via "National Vulnerability Database".
180 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41567 ‼

The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41974 ‼

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.

📖 Read

via "National Vulnerability Database".
204 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 You can create Let's Encrypt SSL certificates with acme.sh on Linux 🦿

Let's make issuing and installing SSL certificates less of a challenge. Tools like acme.sh can help. Jack Wallen shows you how to install and use this handy script.

📖 Read

via "Tech Republic".
TechRepublic
You can create Let's Encrypt SSL certificates with acme.sh on Linux
Let's make issuing and installing SSL certificates less of a challenge. Tools like acme.sh can help. Jack Wallen shows you how to install and use this handy script.
292 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-4654 ‼

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.

📖 Read

via "National Vulnerability Database".
216 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-29906 ‼

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.

📖 Read

via "National Vulnerability Database".
224 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42109 ‼

VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.

📖 Read

via "National Vulnerability Database".
223 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 North American Orgs Hit With an Average of 497 Cyberattacks per Week 🕴

A new analysis confirms a surge in global cyberattacks since the COVID-19 pandemic began.

📖 Read

via "Dark Reading".
Dark Reading
North American Orgs Hit With an Average of 497 Cyberattacks per Week
A new analysis confirms a surge in global cyberattacks since the COVID-19 pandemic began.
217 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30632 ‼

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
190 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42112 ‼

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

📖 Read

via "National Vulnerability Database".
187 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30625 ‼

Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
184 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30626 ‼

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
180 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30627 ‼

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
203 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30629 ‼

Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
214 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-22617 ‼

Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.

📖 Read

via "National Vulnerability Database".
248 views