🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-1722 ‼

SSRF in the editor's proxy via an IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5: the proxy can be made to reach internal link-local IPv6 addresses.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29353 ‼

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-30777 ‼

Parallels H-Sphere 3.6.2 allows XSS via the index_en.php from parameter.

📖 Read

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2022-1728 ‼

Allowing arbitrarily long passwords leads to denial of service in GitHub repository polonel/trudesk prior to 1.2.2. The flaw can be abused in a distributed denial-of-service attack, after which genuine users are unable to access the application.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-30776 ‼

atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-30523 ‼

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.

📖 Read

via "National Vulnerability Database".
🕴 Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut 🕴

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

📖 Read

via "Dark Reading".
🕴 Name That Toon: Knives Out 🕴

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

📖 Read

via "Dark Reading".
🕴 NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards 🕴

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

📖 Read

via "Dark Reading".
‼ CVE-2022-25169 ‼

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-23266 ‼

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

📖 Read

via "National Vulnerability Database".
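This is the log-forging class of bug. An added example (JavaScript/Node, not the affected product's code) of the difference between dropping an untrusted request path into a log line as-is and neutralising it first, run against a constructed attacker request; the line formats and the function names are invented for the example.

```javascript
'use strict';

// Replace every control character (CR, LF, ESC, NUL, ...) with a visible escape so an
// attacker-controlled string can neither start a new log line nor drive a terminal.
function sanitizeForLog(value) {
  return String(value).replace(/[\x00-\x1f\x7f]/g,
    (c) => `\\x${c.charCodeAt(0).toString(16).padStart(2, '0')}`);
}

// The vulnerable shape: the request path is written into the line unchanged, so a
// URL-encoded newline in it becomes a second, attacker-authored log entry.
function unsafeAccessLine(method, rawPath) {
  return `${method} ${rawPath}`;
}

// Same line with the untrusted part neutralised.
function safeAccessLine(method, rawPath) {
  return `${method} ${sanitizeForLog(rawPath)}`;
}

// Structured alternative: one JSON object per line, so the untrusted value is a field,
// not free text, and a log viewer can render it as data rather than as a message.
function jsonAccessLine(method, rawPath) {
  return JSON.stringify({ method, path: rawPath });
}

// Constructed attacker request: an encoded newline followed by a fake operator message.
const FORGED_PATH = decodeURIComponent(
  '/search?q=x%0AERROR%20backup%20failed%3A%20reset%20credentials%20at%20http%3A%2F%2Fattacker.example'
);
```

Whichever format is used, a web-based log viewer still has to HTML-escape what it displays; sanitising at write time only keeps the log file itself honest.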
‼ CVE-2021-33318 ‼

An input validation vulnerability exists in Joel Christner's .NET C# packages IpMatcher (1.0.4.1 and below) and WatsonWebserver (4.1.3 and below) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

📖 Read

via "National Vulnerability Database".
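An added example, written in JavaScript rather than C# and not IpMatcher's code, of the validation an IP/subnet matcher should perform before consulting its list: strict address parsing, rejection of non-contiguous netmasks, and a bitwise subnet comparison, so that a malformed address or mask is refused rather than coerced into a match. The class and method names are this example's own and do not mirror the package's API.

```javascript
'use strict';

// Strict dotted-quad parser: exactly four decimal octets, 0-255, no leading zeros
// (so "010.0.0.1" is rejected instead of being read as octal by one layer and decimal by another).
function parseIPv4Strict(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    if (m[i].length > 1 && m[i][0] === '0') return null;
    const v = Number(m[i]);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n >>> 0;
}

// A netmask is valid only if it is a run of ones followed by a run of zeros.
// Returns the prefix length, or null for a malformed or non-contiguous mask such as 255.255.0.255.
function netmaskToPrefix(mask) {
  const n = parseIPv4Strict(mask);
  if (n === null) return null;
  const inverted = (~n) >>> 0;                          // contiguous mask <=> inverted is 2^k - 1
  if (((inverted + 1) & inverted) !== 0) return null;
  let bits = 0;
  for (let m = n; m !== 0; m = (m << 1) >>> 0) bits++;  // count the leading ones
  return bits;
}

// Minimal subnet matcher that validates on the way in and on the way out.
class IpMatcher {
  constructor() { this.entries = []; }

  // Accepts "a.b.c.d", "a.b.c.d/24" or "a.b.c.d/255.255.255.0"; throws on anything else
  // rather than storing an entry that silently matches too little or too much.
  add(spec) {
    const parts = spec.split('/');
    if (parts.length > 2) throw new Error(`bad subnet spec: ${spec}`);
    const [ip, maskPart = '32'] = parts;
    const base = parseIPv4Strict(ip);
    if (base === null) throw new Error(`bad address: ${spec}`);
    const prefix = /^(?:[0-9]|[12][0-9]|3[0-2])$/.test(maskPart)
      ? Number(maskPart) : netmaskToPrefix(maskPart);
    if (prefix === null) throw new Error(`bad netmask: ${spec}`);
    const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
    this.entries.push({ network: (base & mask) >>> 0, mask });
  }

  // Bitwise subnet test; a malformed candidate is "no match", never coerced into one.
  match(ip) {
    const n = parseIPv4Strict(ip);
    if (n === null) return false;
    return this.entries.some((e) => ((n & e.mask) >>> 0) === e.network);
  }
}
```

The same two rules, refuse what you cannot parse exactly and never accept a mask you cannot turn into a prefix length, are what keep an allow-list from being widened by a string the matcher did not understand.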
‼ CVE-2022-30050 ‼

Gnuboard 5.55 and 5.56 are vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-23267 ‼

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

📖 Read

via "National Vulnerability Database".
🕴 You Can't Opt Out of Citizen Development 🕴

To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.

📖 Read

via "Dark Reading".
‼ CVE-2022-30055 ‼

Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-23265 ‼

A logged-in and authenticated user with a Reviewer Role may lock a content item.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-30126 ‼

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0.

📖 Read

via "National Vulnerability Database".
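An added example (JavaScript, not Tika's code; the pattern, the input and the length cap are constructed here) of what "backtracking on a specially crafted file" means in practice: a regex whose nested quantifiers can consume the same characters runs in exponential time on an input built to fail at the very end, an equivalent pattern with non-competing quantifiers stays linear, and a cap on the length of text handed to any regex bounds the damage either way.

```javascript
'use strict';

// Pattern constructed for this example (not Tika's). It is meant to accept standards
// designators such as "ISO 9001" or "IEC 60950 1", but the inner \d+ and the outer (...)+
// can both consume the same digit run, so on "ISO 111...1!" the engine tries every way of
// splitting the digits before giving up: 2^(n-1) attempts for n digits.
const VULNERABLE = /^(?:ISO|IEC|ANSI)\s(\d+\s?)+$/;

// Same intent, written so that no two quantifiers compete for the same characters:
// one digit run, then zero or more single-space-separated digit runs. Linear time.
const LINEAR = /^(?:ISO|IEC|ANSI)\s\d+(?: \d+)*$/;

// Second layer: a length cap on anything handed to a regex. A standards citation is
// short; a megabyte of text is not one, so refuse it before the engine ever sees it.
const MAX_INPUT = 64;

function matchesStandard(re, text) {
  if (typeof text !== 'string' || text.length > MAX_INPUT) return false;
  return re.test(text);
}

// Attacker-shaped input: a valid prefix, a long digit run, then a character that forces failure.
function craftedInput(n) {
  return `ISO ${'1'.repeat(n)}!`;
}

// Wall-clock time of one match, in milliseconds, so the growth is visible when run.
function timeMatch(re, text) {
  const t0 = process.hrtime.bigint();
  re.test(text);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Exponential growth for VULNERABLE, flat for LINEAR. Kept to small n so it finishes quickly;
// each +4 in n is roughly 16x more work for the vulnerable pattern.
for (const n of [12, 16, 20]) {
  const v = timeMatch(VULNERABLE, craftedInput(n)).toFixed(2);
  const l = timeMatch(LINEAR, craftedInput(n)).toFixed(3);
  console.log(`n=${n}: vulnerable ${v} ms, linear ${l} ms`);
}
```

When the pattern cannot be rewritten, the length cap and a per-document timeout are the remaining controls; a backtracking engine offers no way to interrupt a single match from inside.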
🕴 Open Source Security Gets $150M Boost From Industry Heavy Hitters 🕴

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS (about 97% of software does) will gain more data on security.

📖 Read

via "Dark Reading".
‼ CVE-2022-30696 ‼

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1679 ‼

A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

📖 Read

via "National Vulnerability Database".