🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-31120 ‼

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.

📖 Read

via "National Vulnerability Database".
242 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 How Email Security Is Evolving 🕴

Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated.

📖 Read

via "Dark Reading".
Dark Reading
How Email Security Is Evolving
Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated.
252 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover 🕴

The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.

📖 Read

via "Dark Reading".
Dark Reading
Bug in Kaspersky VPN Client Allows Privilege Escalation
The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.
250 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34862 ‼

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
214 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-31119 ‼

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.

📖 Read

via "National Vulnerability Database".
179 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-31473 ‼

In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
158 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35241 ‼

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35728 ‼

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
130 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35243 ‼

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
125 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35245 ‼

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
121 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34651 ‼

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
121 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34655 ‼

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
120 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35240 ‼

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
117 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32455 ‼

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
114 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35272 ‼

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
119 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35735 ‼

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
120 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34993 ‼

Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.

📖 Read

via "National Vulnerability Database".
123 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34851 ‼

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
126 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33203 ‼

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
137 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30535 ‼

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34844 ‼

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
164 views