🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-46824 ‼

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.

📖 Read

via "National Vulnerability Database".
91 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33024 ‼

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

📖 Read

via "National Vulnerability Database".
89 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34171 ‼

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.

📖 Read

via "National Vulnerability Database".
88 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33026 ‼

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

📖 Read

via "National Vulnerability Database".
90 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34178 ‼

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.

📖 Read

via "National Vulnerability Database".
88 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34211 ‼

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.

📖 Read

via "National Vulnerability Database".
87 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34204 ‼

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

📖 Read

via "National Vulnerability Database".
88 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32536 ‼

The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.

📖 Read

via "National Vulnerability Database".
90 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34191 ‼

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
91 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34298 ‼

The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."

📖 Read

via "National Vulnerability Database".
87 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34300 ‼

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.

📖 Read

via "National Vulnerability Database".
85 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34328 ‼

PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.

📖 Read

via "National Vulnerability Database".
92 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34185 ‼

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
95 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33033 ‼

LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29301 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34209 ‼

A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL.

📖 Read

via "National Vulnerability Database".
99 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33028 ‼

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34172 ‼

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.

📖 Read

via "National Vulnerability Database".
101 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22980 ‼

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

📖 Read

via "National Vulnerability Database".
103 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34190 ‼

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
107 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34206 ‼

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.

📖 Read

via "National Vulnerability Database".
110 views