๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2020-26652 โ€ผ

An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.

๐Ÿ“– Read

via "National Vulnerability Database".
113 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-29654 โ€ผ

Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

๐Ÿ“– Read

via "National Vulnerability Database".
106 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37428 โ€ผ

A vulnerability in the EdgeConnect SD-WAN Orchestratorร‚ web-based management interface allows remote authenticatedร‚ users to run arbitrary commands on the underlying host.ร‚ A successful exploit could allow an attacker to executeร‚ arbitrary commands as root on the underlying operating systemร‚ leading to complete system compromise.

๐Ÿ“– Read

via "National Vulnerability Database".
105 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2020-21722 โ€ผ

Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.

๐Ÿ“– Read

via "National Vulnerability Database".
101 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-48065 โ€ผ

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

๐Ÿ“– Read

via "National Vulnerability Database".
102 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-39141 โ€ผ

webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
103 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2020-21427 โ€ผ

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

๐Ÿ“– Read

via "National Vulnerability Database".
99 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-37052 โ€ผ

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

๐Ÿ“– Read

via "National Vulnerability Database".
97 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47022 โ€ผ

An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.

๐Ÿ“– Read

via "National Vulnerability Database".
98 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37426 โ€ผ

EdgeConnect SD-WAN Orchestrator instances prior to theร‚ versions resolved in this advisory were found to haveร‚ shared static SSH host keys for all installations. Thisร‚ vulnerability could allow an attacker to spoof the SSH hostร‚ signature and thereby masquerade as a legitimate Orchestratorhost.

๐Ÿ“– Read

via "National Vulnerability Database".
102 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-40263 โ€ผ

A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.

๐Ÿ“– Read

via "National Vulnerability Database".
103 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37421 โ€ผ

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticatedร‚ remote attacker to conduct a stored cross-site scriptingร‚ (XSS) attack against an administrative user of the interface.ร‚ A successful exploit allows an attacker to execute arbitraryร‚ script code in a victim's browser in the context of theร‚ affected interface.

๐Ÿ“– Read

via "National Vulnerability Database".
105 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47069 โ€ผ

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.

๐Ÿ“– Read

via "National Vulnerability Database".
107 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-43358 โ€ผ

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).

๐Ÿ“– Read

via "National Vulnerability Database".
106 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-40262 โ€ผ

A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.

๐Ÿ“– Read

via "National Vulnerability Database".
104 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-46179 โ€ผ

Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.

๐Ÿ“– Read

via "National Vulnerability Database".
101 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2020-24293 โ€ผ

Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.

๐Ÿ“– Read

via "National Vulnerability Database".
100 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-28070 โ€ผ

A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.

๐Ÿ“– Read

via "National Vulnerability Database".
96 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-45703 โ€ผ

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

๐Ÿ“– Read

via "National Vulnerability Database".
97 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-48547 โ€ผ

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

๐Ÿ“– Read

via "National Vulnerability Database".
95 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-38349 โ€ผ

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

๐Ÿ“– Read

via "National Vulnerability Database".
97 views