๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23847 โ€ผ

A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

๐Ÿ“– Read

via "National Vulnerability Database".
185 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23466 โ€ผ

Media CP Media Control Panel latest version. Insufficiently protected credential change.

๐Ÿ“– Read

via "National Vulnerability Database".
172 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23458 โ€ผ

Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.

๐Ÿ“– Read

via "National Vulnerability Database".
157 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23464 โ€ผ

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘1
149 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23850 โ€ผ

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

๐Ÿ“– Read

via "National Vulnerability Database".
141 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47507 โ€ผ

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
136 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23461 โ€ผ

Libpeconv รขโ‚ฌโ€œ access violation, before commit b076013 (30/11/2022).

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47508 โ€ผ

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

๐Ÿ“– Read

via "National Vulnerability Database".
141 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23460 โ€ผ

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24498 โ€ผ

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23467 โ€ผ

Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.

๐Ÿ“– Read

via "National Vulnerability Database".
143 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23836 โ€ผ

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
148 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23462 โ€ผ

Libpeconv รขโ‚ฌโ€œ integer overflow, before commit 75b1565 (30/11/2022).

๐Ÿ“– Read

via "National Vulnerability Database".
154 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47503 โ€ผ

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
162 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47504 โ€ผ

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
169 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24499 โ€ผ

Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.

๐Ÿ“– Read

via "National Vulnerability Database".
180 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-38111 โ€ผ

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
196 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47506 โ€ผ

SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
216 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23848 โ€ผ

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

๐Ÿ“– Read

via "National Vulnerability Database".
230 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally ๐Ÿ•ด

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally
Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.
239 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-22855 โ€ผ

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.

๐Ÿ“– Read

via "National Vulnerability Database".
202 views