πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46418 β€Ό

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
278 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46419 β€Ό

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
295 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Keysight Delivers Zero Trust Test Solution πŸ•΄

Enables network equipment manufacturers to validate devices in distributed cloud networks.

πŸ“– Read

via "Dark Reading".
Dark Reading
Keysight Delivers Zero Trust Test Solution
Enables network equipment manufacturers to validate devices in distributed cloud networks.
πŸ‘2
306 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ VMware patches critical flaws in Workspace ONE Access identity management software πŸ—“οΈ

Virtual reality

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
VMware patches critical flaws in Workspace ONE Access identity management software
Virtual reality
294 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Nord Security Raises First Outside Capital at $1.6B Valuation πŸ•΄

Financing raised from Novator Ventures, Burda Principal Investments, General Catalyst, and leading angel investors.

πŸ“– Read

via "Dark Reading".
Dark Reading
Nord Security Raises First Outside Capital at $1.6B Valuation
Financing raised from Novator Ventures, Burda Principal Investments, General Catalyst, and leading angel investors.
304 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27016 β€Ό

There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.

πŸ“– Read

via "National Vulnerability Database".
295 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25339 β€Ό

ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.

πŸ“– Read

via "National Vulnerability Database".
317 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25338 β€Ό

ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.

πŸ“– Read

via "National Vulnerability Database".
324 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26627 β€Ό

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file.

πŸ“– Read

via "National Vulnerability Database".
333 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Top Application Security Mitigations in Q1 of 2022 πŸ•΄

What is the best way to mitigate application security attacks? Learn how companies have mitigated the top threats.

πŸ“– Read

via "Dark Reading".
Dark Reading
Top Application Security Mitigations in Q1 of 2022
What is the best way to mitigate application security attacks? Learn how companies have mitigated the top threats.
303 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23972 β€Ό

ASUS RT-AX56UÒ€ℒs SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.

πŸ“– Read

via "National Vulnerability Database".
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22515 β€Ό

A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

πŸ“– Read

via "National Vulnerability Database".
239 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22519 β€Ό

A remote, authenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver and the CODESYS Control runtime system.

πŸ“– Read

via "National Vulnerability Database".
219 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26671 β€Ό

Taiwan Secom Dr.ID Access Control systemÒ€ℒs login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.

πŸ“– Read

via "National Vulnerability Database".
189 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0677 β€Ό

Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.

πŸ“– Read

via "National Vulnerability Database".
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22514 β€Ό

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. This causes a null pointer dereference in the CmpSettings component of the affected CODESYS products and leads to a crash.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25595 β€Ό

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43432 β€Ό

A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.

πŸ“– Read

via "National Vulnerability Database".
149 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25594 β€Ό

MicroprogramÒ€ℒs parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘2
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22517 β€Ό

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25597 β€Ό

ASUS RT-AC86UÒ€ℒs LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.

πŸ“– Read

via "National Vulnerability Database".
142 views