🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-46658 ‼

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.

via "National Vulnerability Database".
‼ CVE-2021-46657 ‼

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.

via "National Vulnerability Database".
‼ CVE-2022-24123 ‼

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.

via "National Vulnerability Database".
‼ CVE-2022-24124 ‼

The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.

via "National Vulnerability Database".
‼ CVE-2022-0273 ‼

Improper Access Control in PyPI calibreweb prior to 0.6.16.

via "National Vulnerability Database".
‼ CVE-2022-0339 ‼

Server-Side Request Forgery (SSRF) in PyPI calibreweb prior to 0.6.16.

via "National Vulnerability Database".
‼ CVE-2022-0407 ‼

Heap-based Buffer Overflow in Conda vim prior to 8.2.

via "National Vulnerability Database".
‼ CVE-2022-0408 ‼

Stack-based Buffer Overflow in Conda vim prior to 8.2.

via "National Vulnerability Database".
‼ CVE-2022-0413 ‼

Use After Free in Conda vim prior to 8.2.

via "National Vulnerability Database".
‼ CVE-2021-23520 ‼

The package juce-framework/juce before 6.1.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object.

via "National Vulnerability Database".
‼ CVE-2022-0414 ‼

Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0.

via "National Vulnerability Database".
‼ CVE-2021-23521 ‼

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.

via "National Vulnerability Database".
‼ CVE-2021-44255 ‼

Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file which will execute arbitrary code on the server.

via "National Vulnerability Database".
🕴 The Looming CISO Mental Health Crisis — and What to Do About It, Part 2 🕴

Letting mental health issues fester may result in burnout and attrition, which affect both the company and the humans it employs.

via "Dark Reading".
🗓️ No smoke without fire? ‘Critical’ Loguru security flaw turns out to be non-issue 🗓️

Invalid CVE saga highlights potential problems in the automated vulnerability alert process

via "The Daily Swig".
🕴 Crypto Agility: Solving for the Inevitable 🕴

The advent of viable quantum computers will threaten today’s encryption standards, which are the basis of Internet security. Cryptographic agility is the key to post-quantum computing security, although implementing it will be a formidable challenge.

via "Dark Reading".
‼ CVE-2021-28962 ‼

Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.

via "National Vulnerability Database".
‼ CVE-2021-46101 ‼

In Git for Windows through 2.34.1, when using git pull to update the local warehouse, git.cmd can be run directly.

via "National Vulnerability Database".
‼ CVE-2020-36056 ‼

Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option.

via "National Vulnerability Database".
‼ CVE-2020-36064 ‼

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.

via "National Vulnerability Database".
🕴 The Zero Trust Timer Is on for Federal Agencies — How Ready Are They? 🕴

A new study coincides with OMB’s finalization of its zero-trust strategy through 2024.

via "Dark Reading".