🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39398 ‼

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

📖 Read

via "National Vulnerability Database".
284 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39405 ‼

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.

📖 Read

via "National Vulnerability Database".
269 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39389 ‼

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.

📖 Read

via "National Vulnerability Database".
254 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39383 ‼

Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.

📖 Read

via "National Vulnerability Database".
246 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39400 ‼

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

📖 Read

via "National Vulnerability Database".
240 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39406 ‼

Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.

📖 Read

via "National Vulnerability Database".
237 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39392 ‼

Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.

📖 Read

via "National Vulnerability Database".
242 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39395 ‼

Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability.

📖 Read

via "National Vulnerability Database".
248 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39386 ‼

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.

📖 Read

via "National Vulnerability Database".
263 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39380 ‼

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39390 ‼

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.

📖 Read

via "National Vulnerability Database".
302 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39399 ‼

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

📖 Read

via "National Vulnerability Database".
340 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39394 ‼

Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified.

📖 Read

via "National Vulnerability Database".
378 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39387 ‼

Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

📖 Read

via "National Vulnerability Database".
489 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39384 ‼

Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.

📖 Read

via "National Vulnerability Database".
508 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39393 ‼

Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

📖 Read

via "National Vulnerability Database".
576 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3259 ‼

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information

📖 Read

via "National Vulnerability Database".
472 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-40291 ‼

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.

📖 Read

via "National Vulnerability Database".
445 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-40295 ‼

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.

📖 Read

via "National Vulnerability Database".
355 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-40274 ‼

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.

📖 Read

via "National Vulnerability Database".
286 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3260 ‼

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter.An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.

📖 Read

via "National Vulnerability Database".
250 views