πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25017 β€Ό

Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.

πŸ“– Read

via "National Vulnerability Database".
170 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35115 β€Ό

Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35088 β€Ό

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35089 β€Ό

Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35117 β€Ό

An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

πŸ“– Read

via "National Vulnerability Database".
223 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-30328 β€Ό

Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

πŸ“– Read

via "National Vulnerability Database".
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-30332 β€Ό

Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

πŸ“– Read

via "National Vulnerability Database".
πŸ‘2
281 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-30333 β€Ό

Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

πŸ“– Read

via "National Vulnerability Database".
323 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ PHP bug allows attackers to bypass domain filters, stage DoS attacks against servers πŸ—“οΈ

Filter bypass flaw is triggered only on very large user input, which puts restrictions on its exploitability

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
PHP bug allows attackers to bypass domain filters, stage DoS attacks against servers
Filter bypass flaw is triggered only on very large user input, which puts restrictions on its exploitability
337 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46443 β€Ό

Spoofer 1.4.6 suffers from unquoted service paths vulnerability. An attacker as a low privileged local user can hijack the execution flow of the application to escalate privileges by inserting a malicious executable in a higher level directory with the vulnerable path.

πŸ“– Read

via "National Vulnerability Database".
351 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Apple Rushes Out Patches for 0-Days in MacOS, iOS ❌

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.

πŸ“– Read

via "Threat Post".
Threat Post
Apple Rushes Out Patches for 0-Days in MacOS, iOS
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ GitLab addresses critical account hijack bug πŸ—“οΈ

Monthly release also addresses pair of stored XSS flaws

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitLab addresses critical account hijack bug
Monthly release also addresses pair of stored XSS flaws
πŸ‘1
343 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ More Than Ever, Security Matters πŸ•΄

Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences.

πŸ“– Read

via "Dark Reading".
Dark Reading
More Than Ever, Security Matters
Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences.
332 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24181 β€Ό

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.

πŸ“– Read

via "National Vulnerability Database".
345 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Bug Bounty Radar // The latest bug bounty programs for April 2022 πŸ—“οΈ

New web targets for the discerning hacker

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for April 2022
New web targets for the discerning hacker
363 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44135 β€Ό

pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.

πŸ“– Read

via "National Vulnerability Database".
339 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 4/1 πŸ”

Hacked satellites, how technology enables data protection, and the fastest ransomware - catch up on the infosec news of the week with the Friday Five!

πŸ“– Read

via "".
Digital Guardian
Friday Five 4/1
Hacked satellites, how technology enables data protection, and the fastest ransomware - catch up on the infosec news of the week with the Friday Five!
347 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ What You Need to Know About PCI DSS 4.0's New Requirements πŸ•΄

The goal for PCI DSS v4.0 is to β€œaddress emerging threats and technologies and enable innovative methods to combat new threats” to customer payment information, the PCI Security Standards Council says.

πŸ“– Read

via "Dark Reading".
Dark Reading
What You Need to Know About PCI DSS 4.0's New Requirements
The updated security payment standard's goal is to β€œaddress emerging threats and technologies and enable innovative methods to combat new threats” to customer payment information, the PCI Security Standards Council says.
323 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22404 β€Ό

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.

πŸ“– Read

via "National Vulnerability Database".
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22332 β€Ό

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.

πŸ“– Read

via "National Vulnerability Database".
263 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-21235 β€Ό

The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

πŸ“– Read

via "National Vulnerability Database".
256 views