πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25K subscribers
88.5K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3199 β€Ό

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40784 β€Ό

Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406.

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3075 β€Ό

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

πŸ“– Read

via "National Vulnerability Database".
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40044 β€Ό

Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

πŸ“– Read

via "National Vulnerability Database".
246 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40043 β€Ό

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.

πŸ“– Read

via "National Vulnerability Database".
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3201 β€Ό

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.

πŸ“– Read

via "National Vulnerability Database".
354 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3200 β€Ό

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

πŸ“– Read

via "National Vulnerability Database".
418 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3272 β€Ό

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

πŸ“– Read

via "National Vulnerability Database".
545 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30003 β€Ό

Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.

πŸ“– Read

via "National Vulnerability Database".
627 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3290 β€Ό

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

πŸ“– Read

via "National Vulnerability Database".
643 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3298 β€Ό

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.

πŸ“– Read

via "National Vulnerability Database".
665 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-39258 β€Ό

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
610 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  Suricata IDPE 6.0.7 πŸ› 

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.7 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
607 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-39256 β€Ό

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.

πŸ“– Read

via "National Vulnerability Database".
516 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ WhatsApp β€œzero-day exploit” news scare – what you need to know ⚠

Is WhatsApp currently under active attack by cyercriminals? Is this a clear and current danger? How worried should WhatsApp users be?

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
πŸ‘3
541 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27854 β€Ό

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.

πŸ“– Read

via "National Vulnerability Database".
443 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27862 β€Ό

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

πŸ“– Read

via "National Vulnerability Database".
462 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27861 β€Ό

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

πŸ“– Read

via "National Vulnerability Database".
426 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27853 β€Ό

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

πŸ“– Read

via "National Vulnerability Database".
396 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-37346 β€Ό

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system.

πŸ“– Read

via "National Vulnerability Database".
360 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-39835 β€Ό

An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat.

πŸ“– Read

via "National Vulnerability Database".
331 views