🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-20251 ‼

A flaw was found in Samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.

via "National Vulnerability Database".
‼ CVE-2022-3424 ‼

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

via "National Vulnerability Database".
‼ CVE-2023-1240 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2023-1239 ‼

Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2023-1242 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2022-3760 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.

via "National Vulnerability Database".
‼ CVE-2023-1243 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2023-1238 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2023-1247 ‼

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.

via "National Vulnerability Database".
‼ CVE-2023-1244 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2023-1237 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2023-1241 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
‼ CVE-2023-1245 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

via "National Vulnerability Database".
🕴 Cyber Security Works to Rebrand As Securin Inc. 🕴

Securin Inc. will provide tech-enabled security solutions, vulnerability intelligence and deep domain expertise.

via "Dark Reading".
🕴 Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems 🕴

The health, manufacturing, and energy sectors are the most vulnerable to ransomware.

via "Dark Reading".
‼ CVE-2023-26955 ‼

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.

via "National Vulnerability Database".
‼ CVE-2020-36669 ‼

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.

via "National Vulnerability Database".
‼ CVE-2021-44197 ‼

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126.

via "National Vulnerability Database".
‼ CVE-2023-26954 ‼

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.

via "National Vulnerability Database".
‼ CVE-2021-4330 ‼

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.

via "National Vulnerability Database".