🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.
CVE-2022-30188

HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29111, CVE-2022-29119.

via "National Vulnerability Database".
CVE-2022-30165

Windows Kerberos Elevation of Privilege Vulnerability.

via "National Vulnerability Database".
CVE-2022-30193

AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30167.

via "National Vulnerability Database".
CVE-2022-30180

Azure RTOS GUIX Studio Information Disclosure Vulnerability.

via "National Vulnerability Database".
CVE-2022-30149

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30153, CVE-2022-30161.

via "National Vulnerability Database".
CVE-2022-30168

Microsoft Photos App Remote Code Execution Vulnerability.

via "National Vulnerability Database".
CVE-2022-29143

Microsoft SQL Server Remote Code Execution Vulnerability.

via "National Vulnerability Database".
CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644). This means any user who is not the owner (group and other) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can correct the file permissions manually until they are able to upgrade to the latest version.

via "National Vulnerability Database".
CVE-2022-30159

Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172.

via "National Vulnerability Database".
CVE-2022-30131

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability.

via "National Vulnerability Database".
CVE-2022-30139

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161.

via "National Vulnerability Database".
CVE-2022-30189

Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability.

via "National Vulnerability Database".
CVE-2022-30549

An out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file.

via "National Vulnerability Database".
CVE-2022-30538

An out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file.

via "National Vulnerability Database".
CVE-2022-30546

An out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file.

via "National Vulnerability Database".
CVE-2022-30533

A cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

via "National Vulnerability Database".
CVE-2017-20052

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

via "National Vulnerability Database".
CVE-2022-31626

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

via "National Vulnerability Database".
CVE-2017-20051

A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

via "National Vulnerability Database".
CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to an RCE vulnerability or denial of service.

via "National Vulnerability Database".
🗓️ Business email platform Zimbra patches memcached injection flaw that imperils user credentials 🗓️

Attackers could also potentially gain access to various internal services, researcher warns

via "The Daily Swig".