🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-37052 ‼

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

📖 Read

via "National Vulnerability Database".
97 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-47022 ‼

An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.

📖 Read

via "National Vulnerability Database".
98 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37426 ‼

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestratorhost.

📖 Read

via "National Vulnerability Database".
102 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-40263 ‼

A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.

📖 Read

via "National Vulnerability Database".
103 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37421 ‼

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

📖 Read

via "National Vulnerability Database".
105 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-47069 ‼

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.

📖 Read

via "National Vulnerability Database".
107 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43358 ‼

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).

📖 Read

via "National Vulnerability Database".
106 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-40262 ‼

A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.

📖 Read

via "National Vulnerability Database".
104 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-46179 ‼

Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.

📖 Read

via "National Vulnerability Database".
101 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-24293 ‼

Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-28070 ‼

A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.

📖 Read

via "National Vulnerability Database".
96 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-45703 ‼

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

📖 Read

via "National Vulnerability Database".
97 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-48547 ‼

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

📖 Read

via "National Vulnerability Database".
95 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38349 ‼

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

📖 Read

via "National Vulnerability Database".
97 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-47695 ‼

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

📖 Read

via "National Vulnerability Database".
99 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-45582 ‼

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

📖 Read

via "National Vulnerability Database".
88 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-23565 ‼

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.

📖 Read

via "National Vulnerability Database".
86 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-30079 ‼

A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.

📖 Read

via "National Vulnerability Database".
87 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37430 ‼

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to    obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.

📖 Read

via "National Vulnerability Database".
82 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-34193 ‼

Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.

📖 Read

via "National Vulnerability Database".
82 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37438 ‼

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to    obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.

📖 Read

via "National Vulnerability Database".
86 views