🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-28072 ‼

A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.

📖 Read

via "National Vulnerability Database".
89 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40433 ‼

An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.

📖 Read

via "National Vulnerability Database".
91 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-40265 ‼

A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.

📖 Read

via "National Vulnerability Database".
90 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37433 ‼

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to    obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.

📖 Read

via "National Vulnerability Database".
90 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3699 ‼

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

📖 Read

via "National Vulnerability Database".
94 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-32421 ‼

dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y.

📖 Read

via "National Vulnerability Database".
92 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-38665 ‼

Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).

📖 Read

via "National Vulnerability Database".
93 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43357 ‼

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

📖 Read

via "National Vulnerability Database".
96 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-24295 ‼

Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.

📖 Read

via "National Vulnerability Database".
101 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-22628 ‼

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

📖 Read

via "National Vulnerability Database".
101 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-21679 ‼

Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.

📖 Read

via "National Vulnerability Database".
99 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-32422 ‼

dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.

📖 Read

via "National Vulnerability Database".
97 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-36281 ‼

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter.

📖 Read

via "National Vulnerability Database".
94 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-46174 ‼

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

📖 Read

via "National Vulnerability Database".
94 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37425 ‼

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

📖 Read

via "National Vulnerability Database".
96 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37427 ‼

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

📖 Read

via "National Vulnerability Database".
97 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-21710 ‼

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4212 ‼

?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.

📖 Read

via "National Vulnerability Database".
103 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-36648 ‼

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.

📖 Read

via "National Vulnerability Database".
112 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-48538 ‼

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

📖 Read

via "National Vulnerability Database".
107 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37434 ‼

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to    obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.

📖 Read

via "National Vulnerability Database".
112 views