🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20773 ‼

In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735.

📖 Read

via "National Vulnerability Database".
250 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20772 ‼

In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796.

📖 Read

via "National Vulnerability Database".
271 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20767 ‼

In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.

📖 Read

via "National Vulnerability Database".
304 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-30990 ‼

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.

📖 Read

via "National Vulnerability Database".
359 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20771 ‼

In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046.

📖 Read

via "National Vulnerability Database".
393 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32666 ‼

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014.

📖 Read

via "National Vulnerability Database".
427 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21641 ‼

An app with non-privileged access can change global system brightness and cause undesired system behavior.

📖 Read

via "National Vulnerability Database".
377 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3133 ‼

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

📖 Read

via "National Vulnerability Database".
371 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28541 ‼

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

📖 Read

via "National Vulnerability Database".
348 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21629 ‼

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

📖 Read

via "National Vulnerability Database".
291 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-2320 ‼

The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

📖 Read

via "National Vulnerability Database".
247 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24854 ‼

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

📖 Read

via "National Vulnerability Database".
227 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-2324 ‼

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

📖 Read

via "National Vulnerability Database".
229 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21640 ‼

Memory corruption in Linux when the file upload API is called with parameters having large buffer.

📖 Read

via "National Vulnerability Database".
225 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-2010 ‼

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-22386 ‼

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21639 ‼

Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.

📖 Read

via "National Vulnerability Database".
234 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21635 ‼

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

📖 Read

via "National Vulnerability Database".
242 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3460 ‼

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

📖 Read

via "National Vulnerability Database".
252 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24851 ‼

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

📖 Read

via "National Vulnerability Database".
267 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4623 ‼

The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

📖 Read

via "National Vulnerability Database".
290 views