πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39386 β€Ό

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.

πŸ“– Read

via "National Vulnerability Database".
263 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39380 β€Ό

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

πŸ“– Read

via "National Vulnerability Database".
274 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39390 β€Ό

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.

πŸ“– Read

via "National Vulnerability Database".
302 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39399 β€Ό

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

πŸ“– Read

via "National Vulnerability Database".
340 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39394 β€Ό

Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified.

πŸ“– Read

via "National Vulnerability Database".
378 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39387 β€Ό

Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

πŸ“– Read

via "National Vulnerability Database".
489 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39384 β€Ό

Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.

πŸ“– Read

via "National Vulnerability Database".
508 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39393 β€Ό

Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

πŸ“– Read

via "National Vulnerability Database".
576 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3259 β€Ό

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information

πŸ“– Read

via "National Vulnerability Database".
472 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40291 β€Ό

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.

πŸ“– Read

via "National Vulnerability Database".
445 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40295 β€Ό

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.

πŸ“– Read

via "National Vulnerability Database".
355 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40274 β€Ό

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.

πŸ“– Read

via "National Vulnerability Database".
286 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3260 β€Ό

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter.An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.

πŸ“– Read

via "National Vulnerability Database".
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3261 β€Ό

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.

πŸ“– Read

via "National Vulnerability Database".
254 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40293 β€Ό

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.

πŸ“– Read

via "National Vulnerability Database".
272 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40292 β€Ό

Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.

πŸ“– Read

via "National Vulnerability Database".
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40296 β€Ό

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.

πŸ“– Read

via "National Vulnerability Database".
317 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40283 β€Ό

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

πŸ“– Read

via "National Vulnerability Database".
371 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3262 β€Ό

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

πŸ“– Read

via "National Vulnerability Database".
403 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40294 β€Ό

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.

πŸ“– Read

via "National Vulnerability Database".
425 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Media Disposal Policy 🦿

An organization’s data and information possess tremendous value and must always be safeguarded. This policy from TechRepublic Premium helps ensure an organization’s storage media are properly cleansed and sanitized prior to disposal, recycling or donation. From the policy: When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires ...

πŸ“– Read

via "Tech Republic".
TechRepublic
Media Disposal Policy
An organization’s data and information possess tremendous value and must always be safeguarded. This policy from TechRepublic Premium helps ensure an
❀1
382 views