🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36552

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.

📖 Read

via "National Vulnerability Database".
437 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-37237

An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.

📖 Read

via "National Vulnerability Database".
451 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-29864

IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089

📖 Read

via "National Vulnerability Database".
420 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Don't Let 'Perfect' Be the Enemy of a Good AppSec Program 🕴

These five suggestions provide a great place to start building a scalable and affordable program for creating secure apps.

📖 Read

via "Dark Reading".
Dark Reading
Don't Let 'Perfect' Be the Enemy of a Good AppSec Program
These five suggestions provide a great place to start building a scalable and affordable program for creating secure apps.
413 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries 🕴

New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note.

📖 Read

via "Dark Reading".
Dark Reading
New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries
New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note.
345 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36563

Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

📖 Read

via "National Vulnerability Database".
303 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34368

Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.

📖 Read

via "National Vulnerability Database".
282 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36561

XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.

📖 Read

via "National Vulnerability Database".
261 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-37173

An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.

📖 Read

via "National Vulnerability Database".
253 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36565

Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

📖 Read

via "National Vulnerability Database".
239 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33935

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36657

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.

📖 Read

via "National Vulnerability Database".
218 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-34374

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.

📖 Read

via "National Vulnerability Database".
221 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-37172

Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

📖 Read

via "National Vulnerability Database".
👍1
224 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36562

Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

📖 Read

via "National Vulnerability Database".
219 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36734

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.

📖 Read

via "National Vulnerability Database".
217 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36735

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.

📖 Read

via "National Vulnerability Database".
215 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36733

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.

📖 Read

via "National Vulnerability Database".
221 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-3037

Use After Free in GitHub repository vim/vim prior to 9.0.0321.

📖 Read

via "National Vulnerability Database".
224 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-31232

SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.

📖 Read

via "National Vulnerability Database".
240 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-36564

Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

📖 Read

via "National Vulnerability Database".
256 views