πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25136 β€Ό

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

πŸ“– Read

via "National Vulnerability Database".
197 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44302 β€Ό

BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.

πŸ“– Read

via "National Vulnerability Database".
219 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25365 β€Ό

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.

πŸ“– Read

via "National Vulnerability Database".
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24980 β€Ό

An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to.

πŸ“– Read

via "National Vulnerability Database".
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0409 β€Ό

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.

πŸ“– Read

via "National Vulnerability Database".
194 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25366 β€Ό

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-20013 β€Ό

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

πŸ“– Read

via "National Vulnerability Database".
238 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24979 β€Ό

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements.

πŸ“– Read

via "National Vulnerability Database".
345 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25256 β€Ό

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.

πŸ“– Read

via "National Vulnerability Database".
445 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0678 β€Ό

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

πŸ“– Read

via "National Vulnerability Database".
437 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0630 β€Ό

Out-of-bounds Read in Homebrew mruby prior to 3.2.

πŸ“– Read

via "National Vulnerability Database".
432 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0632 β€Ό

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

πŸ“– Read

via "National Vulnerability Database".
459 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0690 β€Ό

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

πŸ“– Read

via "National Vulnerability Database".
413 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-1239 β€Ό

duck before 0.10 did not properly handle loading of untrusted code from the current directory..

πŸ“– Read

via "National Vulnerability Database".
409 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ IT Pro News In Review: Nvidia breaks off Arm deal, FCDO security attack, Microsoft to disable VBA πŸ“’

Catch up on the biggest headlines of the week in just two minutes

πŸ“– Read

via "ITPro".
ITPro
IT Pro News In Review: Nvidia breaks off Arm deal, FCDO security attack, Microsoft to disable VBA
Catch up on the biggest headlines of the week in just two minutes
340 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Moving forward in a work from anywhere world πŸ“’

A gorilla guide

πŸ“– Read

via "ITPro".
IT PRO
Moving forward in a work from anywhere world
A gorilla guide
256 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Texas sues Facebook for misusing facial recognition data πŸ“’

State wants up to $25,000 per alleged violation for discontinued program

πŸ“– Read

via "ITPro".
IT PRO
Texas sues Facebook for misusing facial recognition data | IT PRO
State wants up to $25,000 per alleged violation for discontinued program
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Mid-sized businesses on hackers’ 2022 hit list, cyber agencies warn πŸ“’

Cyber criminals are "shifting away from big-game hunting", say FBI and NCSC

πŸ“– Read

via "ITPro".
IT PRO
Mid-sized businesses on hackers’ 2022 hit list, cyber agencies warn | IT PRO
Cyber criminals are β€œshifting away from β€œbig-game” hunting", says FBI and NCSC
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Google doubles bug bounty rewards for Linux, Kubernetes exploits πŸ“’

The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind

πŸ“– Read

via "ITPro".
ITPro
Google doubles bug bounty rewards for Linux, Kubernetes exploits
The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
πŸ‘1
171 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ What is a 502 bad gateway and how do you fix it? πŸ“’

We explain what this networking error means for users and website owners

πŸ“– Read

via "ITPro".
IT PRO
What is a 502 Bad Gateway and how do you fix it? | IT PRO
We explain what the 502 Bad Gateway networking error means for users and website owners, and some potential steps for fixing it
161 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Apple users told to update their devices to fix critical WebKit flaw πŸ“’

The security flaw allowed code execution on a range of devices and represents the third major vulnerability to be patched by Apple this year

πŸ“– Read

via "ITPro".
IT PRO
Apple users told to update their devices to fix critical WebKit flaw | IT PRO
The security flaw allowed code execution on a range of devices and represents the third major vulnerability to be patched by Apple this year
162 views