🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.
‼ CVE-2022-44311 ‼

html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file.

via "National Vulnerability Database".
‼ CVE-2022-44320 ‼

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall.

via "National Vulnerability Database".
‼ CVE-2022-41757 ‼

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0.

via "National Vulnerability Database".
‼ CVE-2022-44317 ‼

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.

via "National Vulnerability Database".
⚠ Silk Road drugs market hacker pleads guilty, faces 20 years inside ⚠

Jurisprudence isn't like arithmetic... two negatives never make a positive!

via "Naked Security".
‼ CVE-2022-44556 ‼

Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.

via "National Vulnerability Database".
‼ CVE-2021-40303 ‼

perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.

via "National Vulnerability Database".
‼ CVE-2022-39069 ‼

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.

via "National Vulnerability Database".
📢 LockBit repeats 'PR stunt' as Thales ransomware investigation reveals no breach 📢

The ransomware group threatened to leak stolen data on the dark web, but Thales denies any attack occurred

via "ITPro".
📢 Microsoft says "it's just too difficult" to effectively disrupt ransomware 📢

The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy

via "ITPro".
📢 Continental 'held to ransom', refuses to confirm if LockBit has stolen data 📢

The ransomware group is threatening to leak the data it has on the German manufacturer tonight if a ransom isn't paid

via "ITPro".
‼ CVE-2022-41980 ‼

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-44741 ‼

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-40205 ‼

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.

via "National Vulnerability Database".
‼ CVE-2022-42494 ‼

Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-40223 ‼

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

via "National Vulnerability Database".
‼ CVE-2022-43491 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.

via "National Vulnerability Database".
‼ CVE-2022-30545 ‼

Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-39377 ‼

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

via "National Vulnerability Database".
‼ CVE-2022-40206 ‼

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.

via "National Vulnerability Database".
‼ CVE-2022-27855 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.

via "National Vulnerability Database".