πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40297 β€Ό

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password.

πŸ“– Read

via "National Vulnerability Database".
500 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ Transacting in Person with Strangers from the Internet β™ŸοΈ

Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don't deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you've agreed to meet has other intentions.

πŸ“– Read

via "Krebs on Security".
Krebs on Security
Transacting in Person with Strangers from the Internet
Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don't deserve to end up in…
479 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ ManageEngine vulnerability posed code injection risk for password management software πŸ—“οΈ

Authentication-free flaw opened the door to a raft of exploits

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
ManageEngine vulnerability posed code injection risk for password management software
Authentication-free flaw opened the door to a raft of exploits
442 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Six-year-old blind SSRF vulnerability in WordPress Core feature could enable DDoS attacks πŸ—“οΈ

Issue present in pingback requests feature

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Six-year-old blind SSRF vulnerability in WordPress Core feature could enable DDoS attacks
Issue present in pingback requests feature
372 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 9/9 πŸ”

This week saw two social media giants come under fire once again, malware that cons cybercriminals, and more cyberattacks in Ukraine. Read about these stories and more in this week's Friday Five!


πŸ“– Read

via "".
307 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38144 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
249 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36861 β€Ό

Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege.

πŸ“– Read

via "National Vulnerability Database".
232 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26390 β€Ό

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.

πŸ“– Read

via "National Vulnerability Database".
193 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36793 β€Ό

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36869 β€Ό

Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.

πŸ“– Read

via "National Vulnerability Database".
166 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36423 β€Ό

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36864 β€Ό

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36852 β€Ό

Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.

πŸ“– Read

via "National Vulnerability Database".
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38286 β€Ό

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36863 β€Ό

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

πŸ“– Read

via "National Vulnerability Database".
154 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36847 β€Ό

Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

πŸ“– Read

via "National Vulnerability Database".
158 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38457 β€Ό

A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40191 β€Ό

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
152 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38058 β€Ό

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36842 β€Ό

A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36855 β€Ό

A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

πŸ“– Read

via "National Vulnerability Database".
132 views