πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48244 β€Ό

In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
82 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48243 β€Ό

In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
83 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44419 β€Ό

In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
84 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47498 β€Ό

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

πŸ“– Read

via "National Vulnerability Database".
84 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32113 β€Ό

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.

πŸ“– Read

via "National Vulnerability Database".
87 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47488 β€Ό

In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

πŸ“– Read

via "National Vulnerability Database".
91 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47485 β€Ό

In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

πŸ“– Read

via "National Vulnerability Database".
91 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-39089 β€Ό

In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

πŸ“– Read

via "National Vulnerability Database".
88 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48250 β€Ό

In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
87 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48247 β€Ό

In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
86 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48383 β€Ό

.In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
87 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32112 β€Ό

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user toΓ‚ access some of its function. This could lead to modification of data impacting the integrity of the system.

πŸ“– Read

via "National Vulnerability Database".
84 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48377 β€Ό

In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
86 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48386 β€Ό

the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed.

πŸ“– Read

via "National Vulnerability Database".
85 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48373 β€Ό

In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

πŸ“– Read

via "National Vulnerability Database".
84 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48248 β€Ό

In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
82 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48388 β€Ό

In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
81 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48376 β€Ό

In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

πŸ“– Read

via "National Vulnerability Database".
94 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48385 β€Ό

In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

πŸ“– Read

via "National Vulnerability Database".
101 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30741 β€Ό

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30743 β€Ό

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks userÒ€ℒs interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying userÒ€ℒs information through phishing attack.

πŸ“– Read

via "National Vulnerability Database".
101 views