🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-33174 ‼

Windows Cryptographic Information Disclosure Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-35305 ‼

Windows Kernel Elevation of Privilege Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-32047 ‼

Paint 3D Remote Code Execution Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-35316 ‼

Remote Procedure Call Runtime Information Disclosure Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-33169 ‼

Remote Procedure Call Runtime Denial of Service Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-33155 ‼

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-32040 ‼

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-23756 ‼

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.

via "National Vulnerability Database".
‼ CVE-2023-29984 ‼

Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.

via "National Vulnerability Database".
‼ CVE-2022-48521 ‼

An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.

via "National Vulnerability Database".
‼ CVE-2023-29406 ‼

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

via "National Vulnerability Database".
โ™Ÿ๏ธ Apple & Microsoft Patch Tuesday, July 2023 Edition โ™Ÿ๏ธ

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.

via "Krebs on Security".
๐Ÿ‘2
‼ CVE-2023-37766 ‼

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.

via "National Vulnerability Database".
‼ CVE-2023-24491 ‼

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.

via "National Vulnerability Database".
‼ CVE-2023-37765 ‼

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.

via "National Vulnerability Database".
‼ CVE-2023-3127 ‼

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

via "National Vulnerability Database".
‼ CVE-2023-24492 ‼

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.

via "National Vulnerability Database".
‼ CVE-2023-37174 ‼

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.

via "National Vulnerability Database".
‼ CVE-2023-37767 ‼

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.

via "National Vulnerability Database".
‼ CVE-2023-33881 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-32788 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".