πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25K subscribers
88.7K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40866 β€Ό

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/

πŸ“– Read

via "National Vulnerability Database".
112 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40868 β€Ό

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

πŸ“– Read

via "National Vulnerability Database".
118 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40851 β€Ό

Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.

πŸ“– Read

via "National Vulnerability Database".
120 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40864 β€Ό

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet

πŸ“– Read

via "National Vulnerability Database".
122 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23144 β€Ό

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

πŸ“– Read

via "National Vulnerability Database".
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35252 β€Ό

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

πŸ“– Read

via "National Vulnerability Database".
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36798 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
116 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38061 β€Ό

Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35257 β€Ό

A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.

πŸ“– Read

via "National Vulnerability Database".
120 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35253 β€Ό

A vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.

πŸ“– Read

via "National Vulnerability Database".
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35238 β€Ό

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
125 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2937 β€Ό

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

πŸ“– Read

via "National Vulnerability Database".
143 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3257 β€Ό

Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30121 β€Ό

The Ò€œLANDesk(R) Management AgentҀ� service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Netlify vulnerable to XSS, SSRF attacks via cache poisoning πŸ—“οΈ

Issue has since been fixed

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Netlify vulnerable to XSS, SSRF attacks via cache poisoning
Issue has since been fixed
246 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 9/23 πŸ”

Experts are growing worried that the next cyber attack could come from an unlikely source, like an open source component or even your web browser’s spell checker. Read about this news and more in this week’s Friday Five!


πŸ“– Read

via "".
251 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2970 β€Ό

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40215 β€Ό

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
219 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2972 β€Ό

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40194 β€Ό

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress

πŸ“– Read

via "National Vulnerability Database".
142 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2025 β€Ό

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

πŸ“– Read

via "National Vulnerability Database".
122 views