🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45927 ‼

MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).

📖 Read

via "National Vulnerability Database".
352 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45937 ‼

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).

📖 Read

via "National Vulnerability Database".
384 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44852 ‼

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.

📖 Read

via "National Vulnerability Database".
463 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41819 ‼

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

📖 Read

via "National Vulnerability Database".
🔥1
497 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-43333 ‼

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.

📖 Read

via "National Vulnerability Database".
513 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45960 ‼

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

📖 Read

via "National Vulnerability Database".
526 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45972 ‼

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

📖 Read

via "National Vulnerability Database".
614 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44896 ‼

DMP Roadmap before 3.0.4 allows XSS.

📖 Read

via "National Vulnerability Database".
620 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22293 ‼

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.

📖 Read

via "National Vulnerability Database".
651 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-0080 ‼

mruby is vulnerable to Heap-based Buffer Overflow

📖 Read

via "National Vulnerability Database".
659 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36751 ‼

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)

📖 Read

via "National Vulnerability Database".
618 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-0079 ‼

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information

📖 Read

via "National Vulnerability Database".
535 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30276 ‼

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
487 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30289 ‼

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
435 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-1894 ‼

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
315 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30282 ‼

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
259 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30270 ‼

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
223 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30274 ‼

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
211 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30336 ‼

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30267 ‼

Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30269 ‼

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
174 views