🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30303 ‼

An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests.

📖 Read

via "National Vulnerability Database".
173 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38378 ‼

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.

📖 Read

via "National Vulnerability Database".
188 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-23782 ‼

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands.

📖 Read

via "National Vulnerability Database".
136 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30300 ‼

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.

📖 Read

via "National Vulnerability Database".
122 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30299 ‼

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.

📖 Read

via "National Vulnerability Database".
111 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26345 ‼

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
105 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-30339 ‼

Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access.

📖 Read

via "National Vulnerability Database".
105 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-25905 ‼

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
102 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26425 ‼

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-0187 ‼

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
128 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-43074 ‼

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

📖 Read

via "National Vulnerability Database".
125 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26837 ‼

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
94 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26840 ‼

Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
89 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26421 ‼

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
88 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27482 ‼

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.

📖 Read

via "National Vulnerability Database".
88 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26032 ‼

Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
88 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42756 ‼

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

📖 Read

via "National Vulnerability Database".
89 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26076 ‼

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
90 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26888 ‼

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

📖 Read

via "National Vulnerability Database".
94 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26509 ‼

Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

📖 Read

via "National Vulnerability Database".
94 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-21216 ‼

Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access.

📖 Read

via "National Vulnerability Database".
87 views