🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28560 ‼

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

📖 Read

via "National Vulnerability Database".
159 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28564 ‼

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

📖 Read

via "National Vulnerability Database".
156 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4540 ‼

Improper Handling of Exceptional Conditions vulnerability in Daurnimator HTTP Library for Lua allows Excessive Allocation.This issue affects HTTP Library for Lua: before commit ddab283.

📖 Read

via "National Vulnerability Database".
157 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-40535 ‼

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.

📖 Read

via "National Vulnerability Database".
161 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39938 ‼

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.

📖 Read

via "National Vulnerability Database".
168 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28548 ‼

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

📖 Read

via "National Vulnerability Database".
173 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21644 ‼

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

📖 Read

via "National Vulnerability Database".
172 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39448 ‼

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

📖 Read

via "National Vulnerability Database".
180 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21663 ‼

Memory Corruption while accessing metadata in Display.

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21667 ‼

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

📖 Read

via "National Vulnerability Database".
184 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40524 ‼

Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.

📖 Read

via "National Vulnerability Database".
208 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21654 ‼

Memory corruption in Audio during playback session with audio effects enabled.

📖 Read

via "National Vulnerability Database".
241 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28567 ‼

Memory corruption in WLAN HAL while handling command through WMI interfaces.

📖 Read

via "National Vulnerability Database".
283 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-28544 ‼

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

📖 Read

via "National Vulnerability Database".
304 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-40534 ‼

Memory corruption due to improper validation of array index in Audio.

📖 Read

via "National Vulnerability Database".
300 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-36492 ‼

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

📖 Read

via "National Vulnerability Database".
311 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20897 ‼

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

📖 Read

via "National Vulnerability Database".
344 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-38569 ‼

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

📖 Read

via "National Vulnerability Database".
353 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20898 ‼

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

📖 Read

via "National Vulnerability Database".
355 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-41763 ‼

An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.

📖 Read

via "National Vulnerability Database".
343 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 As LotL Attacks Evolve, So Must Defenses 🕴

Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.

📖 Read

via "Dark Reading".
Dark Reading
As LotL Attacks Evolve, So Must Defenses
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
362 views