πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2207 β€Ό

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
262 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Thrive Acquires DSM πŸ•΄

DSM is now the third acquisition by Thrive in Florida in the past six months.

πŸ“– Read

via "Dark Reading".
Dark Reading
Thrive Acquires DSM
DSM is now the third acquisition by Thrive in Florida in the past six months.
266 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ FTC warns of LGBTQ+ extortion scams – be aware before you share! ⚠

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

πŸ“– Read

via "Naked Security".
Naked Security
FTC warns of LGBTQ+ extortion scams – be aware before you share!
It’s a simple jingle and it’s solid advice: β€œIf in doubt, don’t give it out!”
284 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Untrusted types: Researcher demos trick to beat Trusted Types protection in Google Chrome πŸ—“οΈ

Flaws in protection mechanism leaves websites more exposed to DOM XSS-based attacks

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Untrusted types: Researcher demos trick to beat Trusted Types protection in Google Chrome
Flaws in protection mechanism leaves websites more exposed to DOM XSS-based attacks
273 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2017-20101 β€Ό

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

πŸ“– Read

via "National Vulnerability Database".
242 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2017-20100 β€Ό

A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

πŸ“– Read

via "National Vulnerability Database".
248 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-21161 β€Ό

Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.

πŸ“– Read

via "National Vulnerability Database".
245 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2017-20102 β€Ό

A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

πŸ“– Read

via "National Vulnerability Database".
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Researchers crack MEGA’s β€˜privacy by design’ storage, encryption πŸ—“οΈ

ETH Zurich finds flaws in the firm’s cryptographic infrastructure

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researchers crack MEGA’s β€˜privacy by design’ storage, encryption
ETH Zurich finds flaws in the firm’s cryptographic infrastructure
273 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Harmony blockchain loses nearly $100M due to hacked private keys ⚠

The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

πŸ“– Read

via "Naked Security".
Naked Security
Harmony blockchain loses nearly $100M due to hacked private keys
The crooks needed at least two private keys, each stored in two parts… but they got them anyway.
479 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2140 β€Ό

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.

πŸ“– Read

via "National Vulnerability Database".
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33650 β€Ό

When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2106 β€Ό

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files.

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33651 β€Ό

When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.

πŸ“– Read

via "National Vulnerability Database".
149 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2013-2084 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2069. Reason: This candidate is a reservation duplicate of CVE-2013-2069. Notes: All CVE users should reference CVE-2013-2069 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

πŸ“– Read

via "National Vulnerability Database".
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2088 β€Ό

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33654 β€Ό

When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.

πŸ“– Read

via "National Vulnerability Database".
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33653 β€Ό

When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.

πŸ“– Read

via "National Vulnerability Database".
133 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2013-2216 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33648 β€Ό

When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.

πŸ“– Read

via "National Vulnerability Database".
142 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2013-2180 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.

πŸ“– Read

via "National Vulnerability Database".
153 views