🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27416 ‼

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

📖 Read

via "National Vulnerability Database".
216 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27387 ‼

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

📖 Read

via "National Vulnerability Database".
197 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27418 ‼

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

📖 Read

via "National Vulnerability Database".
167 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27381 ‼

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

📖 Read

via "National Vulnerability Database".
154 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27380 ‼

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

📖 Read

via "National Vulnerability Database".
141 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27378 ‼

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

📖 Read

via "National Vulnerability Database".
136 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27376 ‼

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

📖 Read

via "National Vulnerability Database".
134 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29047 ‼

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.

📖 Read

via "National Vulnerability Database".
132 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29038 ‼

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
129 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29052 ‼

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

📖 Read

via "National Vulnerability Database".
127 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29051 ‼

Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.

📖 Read

via "National Vulnerability Database".
125 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29041 ‼

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
129 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27385 ‼

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

📖 Read

via "National Vulnerability Database".
130 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29046 ‼

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
137 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29044 ‼

Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
140 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29040 ‼

Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29042 ‼

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
162 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29037 ‼

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
194 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29048 ‼

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.

📖 Read

via "National Vulnerability Database".
224 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-0436 ‼

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

📖 Read

via "National Vulnerability Database".
244 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid 🕴

The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.

📖 Read

via "Dark Reading".
Dark Reading
Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid
The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.
267 views