🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-28381 ‼

Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.

via "National Vulnerability Database".
‼ CVE-2022-28378 ‼

Craft CMS before 3.7.29 allows XSS.

via "National Vulnerability Database".
‼ CVE-2022-0405 ‼

Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.

via "National Vulnerability Database".
‼ CVE-2022-0406 ‼

Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.

via "National Vulnerability Database".
‼ CVE-2022-28379 ‼

jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.

via "National Vulnerability Database".
‼ CVE-2022-28380 ‼

The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used.

via "National Vulnerability Database".
‼ CVE-2021-30061 ‼

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.

via "National Vulnerability Database".
‼ CVE-2022-27248 ‼

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.

via "National Vulnerability Database".
‼ CVE-2021-30062 ‼

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.

via "National Vulnerability Database".
‼ CVE-2021-30064 ‼

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

via "National Vulnerability Database".
‼ CVE-2021-30065 ‼

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.

via "National Vulnerability Database".
‼ CVE-2022-26530 ‼

swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.

via "National Vulnerability Database".
‼ CVE-2022-27249 ‼

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.

via "National Vulnerability Database".
‼ CVE-2021-30066 ‼

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.

via "National Vulnerability Database".
‼ CVE-2022-26233 ‼

Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.

via "National Vulnerability Database".
‼ CVE-2021-30063 ‼

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

via "National Vulnerability Database".
‼ CVE-2022-1223 ‼

Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.

via "National Vulnerability Database".
‼ CVE-2022-1225 ‼

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.

via "National Vulnerability Database".
‼ CVE-2022-24191 ‼

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.

via "National Vulnerability Database".
‼ CVE-2022-1224 ‼

Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.

via "National Vulnerability Database".
‼ CVE-2022-1222 ‼

Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.

via "National Vulnerability Database".