🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26865 ‼

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

📖 Read

via "National Vulnerability Database".
129 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30787 ‼

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

📖 Read

via "National Vulnerability Database".
96 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-21831 ‼

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

📖 Read

via "National Vulnerability Database".
92 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24414 ‼

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

📖 Read

via "National Vulnerability Database".
98 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30500 ‼

Jfinal cms 5.1.0 is vulnerable to SQL Injection.

📖 Read

via "National Vulnerability Database".
98 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30783 ‼

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-33014 ‼

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.

📖 Read

via "National Vulnerability Database".
104 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24417 ‼

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

📖 Read

via "National Vulnerability Database".
109 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30495 ‼

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)

📖 Read

via "National Vulnerability Database".
123 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26857 ‼

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.

📖 Read

via "National Vulnerability Database".
139 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-1261 ‼

Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.

📖 Read

via "National Vulnerability Database".
167 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30476 ‼

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.

📖 Read

via "National Vulnerability Database".
184 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Twitter Fined $150M for Security Data Misuse 🕴

Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.

📖 Read

via "Dark Reading".
Dark Reading
Twitter Fined $150M for Security Data Misuse
Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.
197 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26727 ‼

This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.

📖 Read

via "National Vulnerability Database".
174 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26736 ‼

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
168 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26701 ‼

A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
143 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30508 ‼

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.

📖 Read

via "National Vulnerability Database".
124 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26722 ‼

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

📖 Read

via "National Vulnerability Database".
111 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22616 ‼

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

📖 Read

via "National Vulnerability Database".
116 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26714 ‼

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.

📖 Read

via "National Vulnerability Database".
113 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22674 ‼

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.

📖 Read

via "National Vulnerability Database".
110 views