🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-38146

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).

📖 Read

via "National Vulnerability Database".
438 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44158

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name.

📖 Read

via "National Vulnerability Database".
428 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44156

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

📖 Read

via "National Vulnerability Database".
425 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-45013

A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.

📖 Read

via "National Vulnerability Database".
423 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44169

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.

📖 Read

via "National Vulnerability Database".
413 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-37332

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

📖 Read

via "National Vulnerability Database".
420 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44168

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

📖 Read

via "National Vulnerability Database".
428 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32774

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

📖 Read

via "National Vulnerability Database".
476 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-45470

** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

📖 Read

via "National Vulnerability Database".
478 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44163

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

📖 Read

via "National Vulnerability Database".
489 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles 🕴

Organizations that use the consensus principles can significantly improve their cyber resilience without raising costs, MIT research shows.

📖 Read

via "Dark Reading".
Dark Reading
MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles
Organizations that use the consensus principles can significantly improve their cyber resilience without raising costs, MIT research shows.
👍2
557 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Time to Get Kids Hacking: Our 2022 Holiday Gift Guide 🕴

Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.

📖 Read

via "Dark Reading".
Dark Reading
Time to Get Kids Hacking: Our 2022 Holiday Gift Guide
Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.
👍1
497 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn 🕴

Here's what that means about our current state as an industry, and why we should be happy about it.

📖 Read

via "Dark Reading".
Dark Reading
Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn
Here's what that means about our current state as an industry, and why we should be happy about it.
497 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-43117

Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.

📖 Read

via "National Vulnerability Database".
424 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44174

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.

📖 Read

via "National Vulnerability Database".
419 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44183

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.

📖 Read

via "National Vulnerability Database".
404 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44180

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.

📖 Read

via "National Vulnerability Database".
385 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44171

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.

📖 Read

via "National Vulnerability Database".
363 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-35897

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
358 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44172

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.

📖 Read

via "National Vulnerability Database".
340 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44830

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.

📖 Read

via "National Vulnerability Database".
340 views