🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Cybersecurity Pros Put Mastodon Flaws Under the Microscope 🕴

As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application.

📖 Read

via "Dark Reading".
🕴 Adversarial AI Attacks Highlight Fundamental Security Issues 🕴

An AI's "world" only includes the data on which it was trained, so it otherwise lacks context — opening the door for creative attacks from cyber adversaries.

📖 Read

via "Dark Reading".
‼ CVE-2022-37772 ‼

Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37429 ‼

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via a JavaScript payload in the href attribute of a link, by splitting a javascript URL with white-space characters.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23587 ‼

A vulnerability found in the OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack leading to a man-in-the-middle attack by adding new routes in RoutingConfiguration on "/routing.asp".

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23590 ‼

A vulnerability in Optilink OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the password for "WLAN SSID" through "wlwpa.asp".

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37421 ‼

Silverstripe silverstripe/cms through 4.11.0 allows XSS.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23593 ‼

A vulnerability in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to enable syslog mode through '/mgm_log_cfg.asp'. The system then starts to log events; 'Remote' mode or 'Both' mode on the "Syslog -- Configuration" page logs events and sends them to the remote syslog server IP and port.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23584 ‼

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2, occurs when the attacker passes arbitrary commands with the IP-ADDRESS using "|" in the "PingTest" parameter of "/diag_tracert_admin.asp", which leads to command execution.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38147 ‼

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23592 ‼

A vulnerability in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to reset the ONU to factory defaults through '/mgm_dev_reset.asp'. Resetting to defaults leads to escalation of privileges by logging in with default credentials.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23591 ‼

A vulnerability in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an attacker to upload arbitrary files through "/mgm_dev_upgrade.asp", which can be used to delete every file for denial of service (using 'rm -rf *.*' in the code), establish a reverse connection (using an '.asp' webshell), or plant a backdoor.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37430 ‼

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23588 ‼

A vulnerability in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through "/rmtacc.asp".

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-40770 ‼

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36337 ‼

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-34830 ‼

An Arm product family through 2022-06-29 has a TOCTOU race condition that allows a non-privileged user to perform improper GPU processing operations to gain access to already freed memory.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-23586 ‼

A vulnerability found in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to add a Network Traffic Control Type Rule.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41446 ‼

An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38145 ‼

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and getting it executed in the versioned history compare view.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35500 ‼

Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.

📖 Read

via "National Vulnerability Database".