🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35704 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
233 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40715 ‼

An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.

📖 Read

via "National Vulnerability Database".
189 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35709 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
171 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40425 ‼

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
163 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35699 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
157 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35701 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38883 ‼

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-37700 ‼

Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38881 ‼

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35703 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
144 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29908 ‼

The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation.

📖 Read

via "National Vulnerability Database".
144 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35705 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40431 ‼

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40432 ‼

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
144 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40430 ‼

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38425 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
164 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-37203 ‼

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

📖 Read

via "National Vulnerability Database".
186 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38333 ‼

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38882 ‼

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
219 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38884 ‼

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

📖 Read

via "National Vulnerability Database".
221 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-35706 ‼

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
236 views