🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-37765 ‼

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.

via "National Vulnerability Database".
‼ CVE-2023-3127 ‼

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

via "National Vulnerability Database".
‼ CVE-2023-24492 ‼

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.

via "National Vulnerability Database".
‼ CVE-2023-37174 ‼

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.

via "National Vulnerability Database".
‼ CVE-2023-37767 ‼

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.

via "National Vulnerability Database".
‼ CVE-2023-33881 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-32788 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-30942 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-3080 ‼

The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

via "National Vulnerability Database".
‼ CVE-2023-3166 ‼

The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

via "National Vulnerability Database".
‼ CVE-2023-33888 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2021-4425 ‼

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

via "National Vulnerability Database".
‼ CVE-2023-37196 ‼

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.

via "National Vulnerability Database".
‼ CVE-2023-33899 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-33885 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-3168 ‼

The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

via "National Vulnerability Database".
‼ CVE-2023-30922 ‼

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-2869 ‼

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.

via "National Vulnerability Database".
‼ CVE-2021-4422 ‼

The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

via "National Vulnerability Database".
‼ CVE-2023-30938 ‼

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2023-2762 ‼

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.

via "National Vulnerability Database".