🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-36734 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.

via "National Vulnerability Database".
‼ CVE-2022-36735 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.

via "National Vulnerability Database".
‼ CVE-2022-36733 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.

via "National Vulnerability Database".
‼ CVE-2022-3037 ‼

Use After Free in GitHub repository vim/vim prior to 9.0.0321.

via "National Vulnerability Database".
‼ CVE-2022-31232 ‼

SmartFabric storage software version 1.0.0 contains a command injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to and perform actions on the affected system.

via "National Vulnerability Database".
‼ CVE-2022-36564 ‼

Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

via "National Vulnerability Database".
‼ CVE-2022-36730 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php.

via "National Vulnerability Database".
‼ CVE-2022-36732 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php.

via "National Vulnerability Database".
‼ CVE-2022-34375 ‼

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to unintentional access to a path outside of the restricted directory.

via "National Vulnerability Database".
‼ CVE-2022-36731 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php.

via "National Vulnerability Database".
‼ CVE-2022-27560 ‼

HCL VersionVault Express exposes administrator credentials.

via "National Vulnerability Database".
‼ CVE-2022-36745 ‼

LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.

via "National Vulnerability Database".
‼ CVE-2022-27563 ‼

An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.

via "National Vulnerability Database".
‼ CVE-2022-36748 ‼

PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php.

via "National Vulnerability Database".
‼ CVE-2022-36747 ‼

Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().

via "National Vulnerability Database".
‼ CVE-2022-36749 ‼

RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file.

via "National Vulnerability Database".
‼ CVE-2022-36746 ‼

LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.

via "National Vulnerability Database".
‼ CVE-2022-39047 ‼

Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.

via "National Vulnerability Database".
‼ CVE-2022-37021 ‼

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify "--J=-Dgeode.enableGlobalSerialFilter=true" when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the "serializable-object-filter" configuration option. Using a global serial filter will impact performance.

via "National Vulnerability Database".
‼ CVE-2022-37023 ‼

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance.

via "National Vulnerability Database".
‼ CVE-2022-37022 ‼

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance, since it only affects JMX/RMI, which Gfsh uses to communicate with the JMX Manager hosted on a Locator.

via "National Vulnerability Database".