‼ CVE-2019-9579 ‼
via "National Vulnerability Database".
An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).
‼ CVE-2019-19030 ‼
via "National Vulnerability Database".
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.
‼ CVE-2019-14802 ‼
via "National Vulnerability Database".
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
‼ CVE-2020-28191 ‼
via "National Vulnerability Database".
The console in Togglz before 2.9.4 allows CSRF.
‼ CVE-2019-18177 ‼
via "National Vulnerability Database".
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
‼ CVE-2019-19705 ‼
via "National Vulnerability Database".
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.
‼ CVE-2019-13988 ‼
via "National Vulnerability Database".
Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing).
‼ CVE-2022-36664 ‼
via "National Vulnerability Database".
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.
‼ CVE-2018-16135 ‼
via "National Vulnerability Database".
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site.
‼ CVE-2020-24600 ‼
via "National Vulnerability Database".
Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request.
‼ CVE-2019-11851 ‼
via "National Vulnerability Database".
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
‼ CVE-2022-46764 ‼
via "National Vulnerability Database".
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
‼ CVE-2022-46763 ‼
via "National Vulnerability Database".
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
‼ CVE-2015-10005 ‼
via "National Vulnerability Database".
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852.
‼ CVE-2019-25087 ‼
via "National Vulnerability Database".
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863.
‼ CVE-2019-25086 ‼
via "National Vulnerability Database".
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.5.1 is able to address this issue. The name of the patch is 3f39f2d68d11895929c04f7b49b97a734ae7cd1f. It is recommended to upgrade the affected component. VDB-216862 is the identifier assigned to this vulnerability.
‼ CVE-2021-4284 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 811990972ea07649ae33c4b56c61c3b520895f07. It is recommended to upgrade the affected component. The identifier VDB-216873 was assigned to this vulnerability.
‼ CVE-2022-4755 ‼
via "National Vulnerability Database".
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability.
‼ CVE-2019-25088 ‼
via "National Vulnerability Database".
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.
‼ CVE-2021-4283 ‼
via "National Vulnerability Database".
A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack may be launched remotely. Upgrading to version 14.0.6.25 is able to address this issue. The name of the patch is ffce4882016076acd16fe0f676246905aa3cb2f3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216872.
‼ CVE-2018-25049 ‼
via "National Vulnerability Database".
A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability.