πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31584 β€Ό

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-32294 β€Ό

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port).

πŸ“– Read

via "National Vulnerability Database".
166 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31587 β€Ό

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31586 β€Ό

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31588 β€Ό

The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31577 β€Ό

The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31554 β€Ό

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
279 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31542 β€Ό

The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
307 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31548 β€Ό

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
331 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2368 β€Ό

Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20.

πŸ“– Read

via "National Vulnerability Database".
323 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1794 β€Ό

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

πŸ“– Read

via "National Vulnerability Database".
312 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30792 β€Ό

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

πŸ“– Read

via "National Vulnerability Database".
310 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29926 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation in Cybozu, Inc. showed that it was not a vulnerability. Notes: https://jvn.jp/en/jp/JVN14077132/

πŸ“– Read

via "National Vulnerability Database".
249 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2302 β€Ό

Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30791 β€Ό

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

πŸ“– Read

via "National Vulnerability Database".
257 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ β€˜Dirty dancing’ in OAuth: Researcher discloses how cyber-attacks can lead to account hijacking πŸ—“οΈ

Single-click account takeovers are made possible by taking advantage of quirks in OAuth

πŸ“– Read

via "The Daily Swig".
275 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Apache β€œCommons Configuration” patches Log4Shell-style bug – what you need to know ⚠

It's a bit like Log4J, but for configuration files, not for logging.

πŸ“– Read

via "Naked Security".
Naked Security
Apache β€œCommons Configuration” patches Log4Shell-style bug – what you need to know
It’s a bit like Log4J, but for configuration files, not for logging.
273 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ That didn’t last! Microsoft turns off the Office security it just turned on ⚠

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
223 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Proposed SEC Rules Require More Transparency About Cyber-Risk πŸ•΄

The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.

πŸ“– Read

via "Dark Reading".
Dark Reading
Proposed SEC Rules Require More Transparency About Cyber-Risk
The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.
183 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials πŸ•΄

Scams pressure victims to "resolve an issue that could impact their status, business."

πŸ“– Read

via "Dark Reading".
Dark Reading
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials
Scams pressure victims to "resolve an issue that could impact their status, business."
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better πŸ•΄

Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.

πŸ“– Read

via "Dark Reading".
Dark Reading
Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better
Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more…
166 views