🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-29711 ‼

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

via "National Vulnerability Database".
‼ CVE-2022-26974 ‼

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.

via "National Vulnerability Database".
‼ CVE-2022-29729 ‼

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.

via "National Vulnerability Database".
‼ CVE-2022-30825 ‼

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.

via "National Vulnerability Database".
‼ CVE-2022-30490 ‼

Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.

via "National Vulnerability Database".
‼ CVE-2022-26971 ‼

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.

via "National Vulnerability Database".
‼ CVE-2022-26976 ‼

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.

via "National Vulnerability Database".
‼ CVE-2022-26491 ‼

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.

via "National Vulnerability Database".
‼ CVE-2022-30826 ‼

Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.

via "National Vulnerability Database".
‼ CVE-2022-26977 ‼

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS.

via "National Vulnerability Database".
‼ CVE-2022-29693 ‼

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.

via "National Vulnerability Database".
‼ CVE-2021-42200 ‼

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.

via "National Vulnerability Database".
‼ CVE-2022-30823 ‼

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.

via "National Vulnerability Database".
‼ CVE-2022-30324 ‼

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

via "National Vulnerability Database".
‼ CVE-2022-29692 ‼

Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.

via "National Vulnerability Database".
‼ CVE-2022-30820 ‼

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file.

via "National Vulnerability Database".
‼ CVE-2022-30813 ‼

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.

via "National Vulnerability Database".
‼ CVE-2021-43307 ‼

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.

via "National Vulnerability Database".
‼ CVE-2022-24700 ‼

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

via "National Vulnerability Database".
‼ CVE-2022-30828 ‼

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php.

via "National Vulnerability Database".
‼ CVE-2022-31961 ‼

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=.

via "National Vulnerability Database".