πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39418 β€Ό

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

πŸ“– Read

via "National Vulnerability Database".
297 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ What CISA and NSA Guidance Means for Critical Infrastructure Security πŸ•΄

Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.

πŸ“– Read

via "Dark Reading".
Dark Reading
What CISA and NSA Guidance Means for Critical Infrastructure Security
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.
342 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 iOS 17 cheat sheet: Release date, supported devices and more 🦿

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it.

πŸ“– Read

via "Tech Republic".
TechRepublic
iOS 17 Cheat Sheet: Release Date, Supported Devices and More
When is iOS 17 coming out, and what is the list of supported devices? Find out everything you need to know with our iOS 17 cheat sheet.
298 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-24872 β€Ό

Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
252 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-35990 β€Ό

Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28717 β€Ό

Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-28427 β€Ό

Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

πŸ“– Read

via "National Vulnerability Database".
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-35139 β€Ό

An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27523 β€Ό

An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.

πŸ“– Read

via "National Vulnerability Database".
152 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39948 β€Ό

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-24221 β€Ό

An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36136 β€Ό

SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.

πŸ“– Read

via "National Vulnerability Database".
147 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39949 β€Ό

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-35141 β€Ό

An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

πŸ“– Read

via "National Vulnerability Database".
144 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36037 β€Ό

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.

πŸ“– Read

via "National Vulnerability Database".
143 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36034 β€Ό

SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.

πŸ“– Read

via "National Vulnerability Database".
137 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-24222 β€Ό

Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.

πŸ“– Read

via "National Vulnerability Database".
135 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28849 β€Ό

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

πŸ“– Read

via "National Vulnerability Database".
142 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25857 β€Ό

An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.

πŸ“– Read

via "National Vulnerability Database".
142 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-24804 β€Ό

Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36082 β€Ό

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

πŸ“– Read

via "National Vulnerability Database".
150 views