πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Name That Toon: Knives Out πŸ•΄

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

πŸ“– Read

via "Dark Reading".
Dark Reading
Name That Toon: Knives Out
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards πŸ•΄

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

πŸ“– Read

via "Dark Reading".
Dark Reading
NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards
New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.
253 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25169 β€Ό

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

πŸ“– Read

via "National Vulnerability Database".
218 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-23266 β€Ό

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

πŸ“– Read

via "National Vulnerability Database".
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33318 β€Ό

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30050 β€Ό

Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-23267 β€Ό

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ You Can't Opt Out of Citizen Development πŸ•΄

To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.

πŸ“– Read

via "Dark Reading".
Dark Reading
You Can't Opt Out of Citizen Development
To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.
192 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30055 β€Ό

Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.

πŸ“– Read

via "National Vulnerability Database".
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-23265 β€Ό

A logged-in and authenticated user with a Reviewer Role may lock a content item.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30126 β€Ό

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Open Source Security Gets $150M Boost From Industry Heavy Hitters πŸ•΄

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS β€” and about 97% of software does β€” will gain more data on security.

πŸ“– Read

via "Dark Reading".
Dark Reading
Open Source Security Gets $30M Boost From Industry Heavy Hitters
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS β€” and about 97% of software does β€” will gain more data on security.
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30696 β€Ό

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

πŸ“– Read

via "National Vulnerability Database".
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1679 β€Ό

A use-after-free flaw was found in the Linux kernelÒ€ℒs Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

πŸ“– Read

via "National Vulnerability Database".
198 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1731 β€Ό

Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.

πŸ“– Read

via "National Vulnerability Database".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27442 β€Ό

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

πŸ“– Read

via "National Vulnerability Database".
166 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27446 β€Ό

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33021 β€Ό

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter Γ’β‚¬ΛœedateÒ€ℒ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30697 β€Ό

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

πŸ“– Read

via "National Vulnerability Database".
170 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30695 β€Ό

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

πŸ“– Read

via "National Vulnerability Database".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33025 β€Ό

xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.

πŸ“– Read

via "National Vulnerability Database".
186 views