🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2023-3621

A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is the function createDeleteCommand of the file ?r=article/default/delete of the component Delete Packet. The manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

📖 Read

via "National Vulnerability Database".
CVE-2023-28001

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.

📖 Read

via "National Vulnerability Database".
CVE-2023-34117

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.

📖 Read

via "National Vulnerability Database".
CVE-2023-34116

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.

📖 Read

via "National Vulnerability Database".
CVE-2023-3624

A vulnerability classified as critical has been found in Nesote Inout Blockchain FiatExchanger 3.0. This affects an unknown part of the file /index.php/coins/update_marketboxslider of the component POST Parameter Handler. The manipulation of the argument marketcurrency leads to SQL injection. It is possible to initiate the attack remotely. The identifier VDB-233577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

📖 Read

via "National Vulnerability Database".
CVE-2023-35308

Windows MSHTML Platform Security Feature Bypass Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-33161

Microsoft Excel Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-32052

Microsoft Power Apps Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-32693

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.6.

📖 Read

via "National Vulnerability Database".
CVE-2023-33159

Microsoft SharePoint Server Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-32034

Remote Procedure Call Runtime Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-32055

Active Template Library Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-33173

Remote Procedure Call Runtime Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-35319

Remote Procedure Call Runtime Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-32050

Windows Installer Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-35315

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-35321

Windows Deployment Services Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-35298

HTTP.sys Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-35300

Remote Procedure Call Runtime Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-35362

Windows Clip Service Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
CVE-2023-32054

Volume Shadow Copy Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".