🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-3433 ‼

Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp

📖 Read

via "National Vulnerability Database".
182 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-3430 ‼

Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr

📖 Read

via "National Vulnerability Database".
156 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-3432 ‼

Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4

📖 Read

via "National Vulnerability Database".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2246 ‼

Prototype Pollution in GitHub repository clever/underscore.deep prior to 0.5.3.

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-3431 ‼

Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9

📖 Read

via "National Vulnerability Database".
162 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-31886 ‼

Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.

📖 Read

via "National Vulnerability Database".
165 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-3435 ‼

Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-3434 ‼

Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm

📖 Read

via "National Vulnerability Database".
197 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-31883 ‼

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.

📖 Read

via "National Vulnerability Database".
198 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24444 ‼

Silverstripe silverstripe/framework through 4.10 allows Session Fixation.

📖 Read

via "National Vulnerability Database".
191 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-19897 ‼

A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.

📖 Read

via "National Vulnerability Database".
199 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-31884 ‼

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.

📖 Read

via "National Vulnerability Database".
204 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-31887 ‼

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.

📖 Read

via "National Vulnerability Database".
220 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29858 ‼

Silverstripe silverstripe/assets through 1.10 allows XSS.

📖 Read

via "National Vulnerability Database".
239 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25238 ‼

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.

📖 Read

via "National Vulnerability Database".
320 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41559 ‼

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.

📖 Read

via "National Vulnerability Database".
330 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-19896 ‼

File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.

📖 Read

via "National Vulnerability Database".
348 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2017-20108 ‼

A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely.

📖 Read

via "National Vulnerability Database".
318 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2017-20112 ‼

A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component.

📖 Read

via "National Vulnerability Database".
320 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2017-20109 ‼

A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

📖 Read

via "National Vulnerability Database".
271 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2017-20110 ‼

A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

📖 Read

via "National Vulnerability Database".
272 views