πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2017-20101 β€Ό

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

πŸ“– Read

via "National Vulnerability Database".
242 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2017-20100 β€Ό

A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

πŸ“– Read

via "National Vulnerability Database".
248 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-21161 β€Ό

Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.

πŸ“– Read

via "National Vulnerability Database".
245 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2017-20102 β€Ό

A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

πŸ“– Read

via "National Vulnerability Database".
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Researchers crack MEGA’s β€˜privacy by design’ storage, encryption πŸ—“οΈ

ETH Zurich finds flaws in the firm’s cryptographic infrastructure

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researchers crack MEGA’s β€˜privacy by design’ storage, encryption
ETH Zurich finds flaws in the firm’s cryptographic infrastructure
273 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Harmony blockchain loses nearly $100M due to hacked private keys ⚠

The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

πŸ“– Read

via "Naked Security".
Naked Security
Harmony blockchain loses nearly $100M due to hacked private keys
The crooks needed at least two private keys, each stored in two parts… but they got them anyway.
479 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2140 β€Ό

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.

πŸ“– Read

via "National Vulnerability Database".
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33650 β€Ό

When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2106 β€Ό

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files.

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33651 β€Ό

When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.

πŸ“– Read

via "National Vulnerability Database".
149 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2013-2084 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2069. Reason: This candidate is a reservation duplicate of CVE-2013-2069. Notes: All CVE users should reference CVE-2013-2069 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

πŸ“– Read

via "National Vulnerability Database".
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2088 β€Ό

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33654 β€Ό

When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.

πŸ“– Read

via "National Vulnerability Database".
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33653 β€Ό

When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.

πŸ“– Read

via "National Vulnerability Database".
133 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2013-2216 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33648 β€Ό

When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.

πŸ“– Read

via "National Vulnerability Database".
142 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2013-2180 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2210 β€Ό

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33649 β€Ό

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.

πŸ“– Read

via "National Vulnerability Database".
184 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33652 β€Ό

When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception.

πŸ“– Read

via "National Vulnerability Database".
201 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33647 β€Ό

When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.

πŸ“– Read

via "National Vulnerability Database".
214 views