🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-26201 ‼

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-44321 ‼

Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application and create a malicious file for updating the inventory details and items.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0831 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43393 ‼

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0832 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards πŸ—“οΈ

Company traces compromise to vulnerability in payment processor’s systems

πŸ“– Read

via "The Daily Swig".
⚠ S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript] ⚠

Latest episode - listen now (or read it, if that's your preference)...

📖 Read

via "Naked Security".
❌ Free HermeticRansom Ransomware Decryptor Released ❌

Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.

📖 Read

via "Threat Post".
‼ CVE-2020-18327 ‼

Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23729 ‼

When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-46381 ‼

Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-46379 ‼

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-46382 ‼

Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks like session hijacking and even clipboard hijacking.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-18324 ‼

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-26336 ‼

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-46380 ‼

Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-3744 ‼

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0839 ‼

Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23397 ‼

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-18325 ‼

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-18326 ‼

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to the victim and successfully create an arbitrary administrator user.

📖 Read

via "National Vulnerability Database".