πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38670 β€Ό

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.

πŸ“– Read

via "National Vulnerability Database".
384 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-28130 β€Ό

Local user may lead to privilege escalation using Gaia Portal hostnames page.

πŸ“– Read

via "National Vulnerability Database".
396 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38671 β€Ό

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.

πŸ“– Read

via "National Vulnerability Database".
404 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38669 β€Ό

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.

πŸ“– Read

via "National Vulnerability Database".
408 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Attack on third-party software vendor disrupts NHS ambulance services πŸ“’

The ambulance services serve more than 10 million people across the south of England

πŸ“– Read

via "ITPro".
ITPro
Attack on third-party software vendor disrupts NHS ambulance services
The ambulance services serve more than 10 million people across the south of England
406 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Crackdown on crypto needed to curb cyber crime, says expert πŸ“’

Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in

πŸ“– Read

via "ITPro".
ITPro
Crackdown on crypto needed to curb cyber crime, says expert
Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
423 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away' πŸ“’

Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says

πŸ“– Read

via "ITPro".
ITPro
C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away'
Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says
475 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39261 β€Ό

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

πŸ“– Read

via "National Vulnerability Database".
492 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38673 β€Ό

PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted inΓ‚ the ability to execute arbitrary commands on the operating system.

πŸ“– Read

via "National Vulnerability Database".
547 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38672 β€Ό

FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.

πŸ“– Read

via "National Vulnerability Database".
576 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37049 β€Ό

emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.

πŸ“– Read

via "National Vulnerability Database".
604 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30577 β€Ό

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.

πŸ“– Read

via "National Vulnerability Database".
576 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30949 β€Ό

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

πŸ“– Read

via "National Vulnerability Database".
547 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3414 β€Ό

A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information.Γ‚ To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

πŸ“– Read

via "National Vulnerability Database".
582 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3442 β€Ό

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information.Γ‚ To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

πŸ“– Read

via "National Vulnerability Database".
626 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3242 β€Ό

Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue affects B&R Automation Runtime: <G4.93.

πŸ“– Read

via "National Vulnerability Database".
696 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-28013 β€Ό

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.

πŸ“– Read

via "National Vulnerability Database".
672 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3451 β€Ό

** REJECT ** Duplicate CVE. Please use CVE-2023-32297.

πŸ“– Read

via "National Vulnerability Database".
726 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Zenbleed: How the quest for CPU performance could put your passwords at risk ⚠

You need to turn on a special setting to stop (the code you wrote to stop [the code you wrote to improve performance] from reducing performance) from reducing security.

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
646 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Simplifying Surveillance: Key Factors to Consider for a Successful System Setup πŸ“’

Unlocking the Secrets of Surveillance: Avoiding Costly Oversights and Simplifying Operations

πŸ“– Read

via "ITPro".
ITPro
Simplifying Surveillance: Key Factors to Consider for a Successful System Setup
Unlocking the Secrets of Surveillance: Avoiding Costly Oversights and Simplifying Operations
550 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3970 β€Ό

A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
481 views