🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25K subscribers
88.5K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40402 ‼

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php.

📖 Read

via "National Vulnerability Database".
295 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41437 ‼

An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.

📖 Read

via "National Vulnerability Database".
276 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-39219 ‼

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.

📖 Read

via "National Vulnerability Database".
269 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-39245 ‼

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.

📖 Read

via "National Vulnerability Database".
210 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-39243 ‼

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. Version 2.0.5 contains a patch. As a workaround, users of the library can sanitize command strings to remove NUL characters prior to passing them to NuProcess for execution.

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40485 ‼

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php.

📖 Read

via "National Vulnerability Database".
188 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3103 ‼

off-by-one in io_uring module.

📖 Read

via "National Vulnerability Database".
192 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-28722 ‼

Certain HP Print Products are potentially vulnerable to Buffer Overflow.

📖 Read

via "National Vulnerability Database".
211 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-28721 ‼

Certain HP Print Products are potentially vulnerable to Remote Code Execution.

📖 Read

via "National Vulnerability Database".
240 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40785 ‼

Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app.

📖 Read

via "National Vulnerability Database".
249 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40484 ‼

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php.

📖 Read

via "National Vulnerability Database".
263 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3051 ‼

Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.

📖 Read

via "National Vulnerability Database".
239 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3058 ‼

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.

📖 Read

via "National Vulnerability Database".
241 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3047 ‼

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
199 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3048 ‼

Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.

📖 Read

via "National Vulnerability Database".
171 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3040 ‼

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
162 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2855 ‼

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
158 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2854 ‼

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
151 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2861 ‼

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2857 ‼

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
147 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3050 ‼

Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.

📖 Read

via "National Vulnerability Database".
154 views