๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28450 โ€ผ

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

๐Ÿ“– Read

via "National Vulnerability Database".
246 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-27599 โ€ผ

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.

๐Ÿ“– Read

via "National Vulnerability Database".
320 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-26912 โ€ผ

Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.

๐Ÿ“– Read

via "National Vulnerability Database".
355 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28466 โ€ผ

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

๐Ÿ“– Read

via "National Vulnerability Database".
311 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24795 โ€ผ

Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.

๐Ÿ“– Read

via "National Vulnerability Database".
311 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23150 โ€ผ

SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution.

๐Ÿ“– Read

via "National Vulnerability Database".
295 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28487 โ€ผ

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

๐Ÿ“– Read

via "National Vulnerability Database".
245 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24760 โ€ผ

An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘1
213 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-25281 โ€ผ

A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.

๐Ÿ“– Read

via "National Vulnerability Database".
203 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-27084 โ€ผ

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.

๐Ÿ“– Read

via "National Vulnerability Database".
207 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-4009 โ€ผ

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation

๐Ÿ“– Read

via "National Vulnerability Database".
208 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28486 โ€ผ

Sudo before 1.9.13 does not escape control characters in log messages.

๐Ÿ“– Read

via "National Vulnerability Database".
224 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-27095 โ€ผ

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.

๐Ÿ“– Read

via "National Vulnerability Database".
254 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-26951 โ€ผ

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.

๐Ÿ“– Read

via "National Vulnerability Database".
280 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-26784 โ€ผ

SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter.

๐Ÿ“– Read

via "National Vulnerability Database".
311 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-25280 โ€ผ

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

๐Ÿ“– Read

via "National Vulnerability Database".
368 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด How Do Attackers Hijack Old Domains and Subdomains? ๐Ÿ•ด

Here is a cautionary tale of what happens if side-projects or sections of the website becomes obsolete. If you don't remove them, someone might hijack your subdomain.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
How Do Attackers Hijack Old Domains and Subdomains?
Here is a cautionary tale of what happens if you don't remove obsolete side projects or sections of your website: Someone might hijack your subdomain.
991 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-40699 โ€ผ

Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr รขโ‚ฌโ€œ Yet Another Stars Rating plugin <= 3.1.2 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
425 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-38971 โ€ผ

Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form รขโ‚ฌโ€œ Registration Form รขโ‚ฌโ€œ Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
438 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-38063 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
438 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24571 โ€ผ

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

๐Ÿ“– Read

via "National Vulnerability Database".
407 views