🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-4289

A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-4288

A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 35f81901a4cb925747a9615b8706f5079d2196a1. It is recommended to upgrade the affected component. The identifier VDB-216881 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
226 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-36634

A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.34 is able to address this issue. The name of the patch is c0952a9db51a880e9544d9fac2a2218a6bfc9c63. It is recommended to upgrade the affected component. VDB-216882 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
240 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-36633

A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879.

📖 Read

via "National Vulnerability Database".
283 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4766

A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880.

📖 Read

via "National Vulnerability Database".
295 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Why Attackers Target GitHub, and How You Can Secure It 🕴

The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.

📖 Read

via "Dark Reading".
Dark Reading
Why Attackers Target GitHub, and How You Can Secure It
The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.
263 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 How to Get the Most out of UEBA 🕴

Security teams are considering how to get the most out of user entity behavioral analytics by taking advantage of its strengths and augmenting its limitations.

📖 Read

via "Dark Reading".
Dark Reading
How to Get the Most Out of UEBA
Security teams are considering how to get the most out of user entity behavior analytics by taking advantage of its strengths and augmenting its limitations.
230 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4724

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.

📖 Read

via "National Vulnerability Database".
179 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4722

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.

📖 Read

via "National Vulnerability Database".
180 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4721

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5.

📖 Read

via "National Vulnerability Database".
173 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-36626

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4528d4f855dbbf24e9fc12a162fda84ce3bedc2f. It is recommended to apply a patch to fix this issue. VDB-216738 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
163 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4694

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

📖 Read

via "National Vulnerability Database".
158 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
155 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4734

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository usememos/memos prior to 0.9.1.

📖 Read

via "National Vulnerability Database".
151 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4728

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
151 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4729

A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743.

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4719

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4723

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5.

📖 Read

via "National Vulnerability Database".
140 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4733

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4691

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

📖 Read

via "National Vulnerability Database".
141 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4727

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation of the argument notes leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.17.0 is able to address this issue. The name of the patch is 2ccbe39c020809765de41eeb8ee4c70b5ec49cc8. It is recommended to upgrade the affected component. The identifier VDB-216741 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
👍1
138 views