🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-29865

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 APT Groups Swarming on VMware Servers with Log4Shell 🕴

CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.

📖 Read

via "Dark Reading".
Dark Reading
APT Groups Swarming on VMware Servers with Log4Shell
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
241 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34065

The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
214 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34057

The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
198 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33003

The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
172 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33002

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
153 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34066

The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
143 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34053

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
143 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34064

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
139 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33004

The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
👍1
139 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34056

The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
136 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32996

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
136 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-30885

** Reserved ** The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.

📖 Read

via "National Vulnerability Database".
147 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33000

The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34055

The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33122

A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.

📖 Read

via "National Vulnerability Database".
161 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
174 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34059

The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
203 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34054

The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
246 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32999

The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
333 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32997

The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

📖 Read

via "National Vulnerability Database".
406 views