🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35154 ‼

Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.

📖 Read

via "National Vulnerability Database".
156 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29891 ‼

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.

📖 Read

via "National Vulnerability Database".
153 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35166 ‼

libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32583 ‼

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.

📖 Read

via "National Vulnerability Database".
136 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-30070 ‼

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.

📖 Read

via "National Vulnerability Database".
137 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32283 ‼

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.

📖 Read

via "National Vulnerability Database".
136 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35153 ‼

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.

📖 Read

via "National Vulnerability Database".
136 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30604 ‼

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25986 ‼

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.

📖 Read

via "National Vulnerability Database".
144 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-28715 ‼

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

📖 Read

via "National Vulnerability Database".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32453 ‼

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.

📖 Read

via "National Vulnerability Database".
154 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30693 ‼

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

📖 Read

via "National Vulnerability Database".
167 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29487 ‼

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

📖 Read

via "National Vulnerability Database".
186 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35164 ‼

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.

📖 Read

via "National Vulnerability Database".
199 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35173 ‼

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.

📖 Read

via "National Vulnerability Database".
258 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32544 ‼

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33151 ‼

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

📖 Read

via "National Vulnerability Database".
292 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain 🕴

Hosts next OpenSSF Day in Dublin.

📖 Read

via "Dark Reading".
Dark Reading
OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain
Hosts next OpenSSF Day in Dublin.
285 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-37025 ‼

An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file.

📖 Read

via "National Vulnerability Database".
265 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29550 ‼

** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulnerability because the ps data collection is intentional, and would only capture credentials on a machine that was already affected by the CWE-214 weakness.

📖 Read

via "National Vulnerability Database".
232 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 How to Upskill Tech Staff to Meet Cybersecurity Needs 🕴

Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff.

📖 Read

via "Dark Reading".
Dark Reading
How to Upskill Tech Staff to Meet Cybersecurity Needs
Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff.
233 views