🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25654 ‼

Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
134 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22074 ‼

Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
134 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-1194 ‼

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.

📖 Read

via "National Vulnerability Database".
133 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25706 ‼

Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
140 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2887 ‼

The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22094 ‼

memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".
150 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2654 ‼

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting

📖 Read

via "National Vulnerability Database".
160 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25656 ‼

Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
163 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25653 ‼

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
177 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25652 ‼

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".
177 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22089 ‼

Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
222 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2655 ‼

The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

📖 Read

via "National Vulnerability Database".
243 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25688 ‼

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".
263 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40154 ‼

Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

📖 Read

via "National Vulnerability Database".
232 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40152 ‼

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

📖 Read

via "National Vulnerability Database".
227 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40153 ‼

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

📖 Read

via "National Vulnerability Database".
201 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40151 ‼

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

📖 Read

via "National Vulnerability Database".
188 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40149 ‼

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

📖 Read

via "National Vulnerability Database".
187 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3223 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.

📖 Read

via "National Vulnerability Database".
194 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40156 ‼

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

📖 Read

via "National Vulnerability Database".
236 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40150 ‼

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

📖 Read

via "National Vulnerability Database".
273 views