🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32666 ‼

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014.

📖 Read

via "National Vulnerability Database".
427 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21641 ‼

An app with non-privileged access can change global system brightness and cause undesired system behavior.

📖 Read

via "National Vulnerability Database".
377 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3133 ‼

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

📖 Read

via "National Vulnerability Database".
371 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28541 ‼

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

📖 Read

via "National Vulnerability Database".
348 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21629 ‼

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

📖 Read

via "National Vulnerability Database".
291 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-2320 ‼

The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

📖 Read

via "National Vulnerability Database".
247 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24854 ‼

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

📖 Read

via "National Vulnerability Database".
227 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-2324 ‼

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

📖 Read

via "National Vulnerability Database".
229 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21640 ‼

Memory corruption in Linux when the file upload API is called with parameters having large buffer.

📖 Read

via "National Vulnerability Database".
225 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-2010 ‼

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-22386 ‼

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21639 ‼

Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.

📖 Read

via "National Vulnerability Database".
234 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21635 ‼

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

📖 Read

via "National Vulnerability Database".
242 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3460 ‼

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

📖 Read

via "National Vulnerability Database".
252 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24851 ‼

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

📖 Read

via "National Vulnerability Database".
267 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4623 ‼

The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

📖 Read

via "National Vulnerability Database".
290 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28542 ‼

Memory Corruption in WLAN HOST while fetching TX status information.

📖 Read

via "National Vulnerability Database".
307 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-2321 ‼

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

📖 Read

via "National Vulnerability Database".
365 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21633 ‼

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

📖 Read

via "National Vulnerability Database".
417 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-1273 ‼

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks

📖 Read

via "National Vulnerability Database".
458 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21672 ‼

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

📖 Read

via "National Vulnerability Database".
557 views