🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

No zero-days this month, if you ignore the Edge RCE hole patched last week

📖 Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
320 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-31142

Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.

📖 Read

via "National Vulnerability Database".
370 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32301

Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.

📖 Read

via "National Vulnerability Database".
383 views
🛡 Cybersecurity & Privacy 🛡 - News
🛠 AIDE 0.18.4 🛠

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

📖 Read

via "Packet Storm Security".
Packetstormsecurity
AIDE 0.18.4 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
👍1
332 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
307 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29364

Windows Authentication Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
271 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29366

Windows Geolocation Service Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
253 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-24938

Windows CryptoAPI Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
232 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29353

Sysinternals Process Monitor for Windows Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32010

Windows Bus Filter Driver Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
229 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32011

Windows iSCSI Discovery Service Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
223 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29372

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
219 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32032

.NET and Visual Studio Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
214 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32017

Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
210 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32015

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
207 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29363

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
207 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29367

iSCSI Target WMI Provider Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
206 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-29355

DHCP Server Service Information Disclosure Vulnerability

📖 Read

via "National Vulnerability Database".
207 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-3198

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

📖 Read

via "National Vulnerability Database".
209 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-33145

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-33144

Visual Studio Code Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".
191 views