🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-32094 ‼

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.

via "National Vulnerability Database".
‼ CVE-2022-25758 ‼

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

via "National Vulnerability Database".
‼ CVE-2022-25898 ‼

The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature containing non-Base64URL characters (special characters or number-escaped characters) may be validated as valid by mistake. Workaround: check that the JWS or JWT signature is a Base64URL and dot safe string before calling the JWS.verify() or JWS.verifyJWT() method.

via "National Vulnerability Database".
‼ CVE-2022-32081 ‼

MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

via "National Vulnerability Database".
‼ CVE-2022-32084 ‼

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

via "National Vulnerability Database".
‼ CVE-2022-32083 ‼

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

via "National Vulnerability Database".
‼ CVE-2022-25896 ‼

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

via "National Vulnerability Database".
‼ CVE-2022-32420 ‼

College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.

via "National Vulnerability Database".
‼ CVE-2022-32088 ‼

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

via "National Vulnerability Database".
‼ CVE-2022-32093 ‼

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.

via "National Vulnerability Database".
‼ CVE-2022-32087 ‼

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

via "National Vulnerability Database".
‼ CVE-2022-32091 ‼

MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

via "National Vulnerability Database".
‼ CVE-2022-28200 ‼

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

via "National Vulnerability Database".
‼ CVE-2022-33014 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-33016 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-2284 ‼

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

via "National Vulnerability Database".
‼ CVE-2022-33015 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-2287 ‼

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.

via "National Vulnerability Database".
‼ CVE-2022-2288 ‼

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.

via "National Vulnerability Database".
‼ CVE-2022-2289 ‼

Use After Free in GitHub repository vim/vim prior to 9.0.

via "National Vulnerability Database".