🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4851 ‼

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.

📖 Read

via "National Vulnerability Database".
595 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4850 ‼

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.

📖 Read

via "National Vulnerability Database".
675 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4852 ‼

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
742 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4864 ‼

A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
775 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4865 ‼

A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
848 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-41915 ‼

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

📖 Read

via "National Vulnerability Database".
942 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4878 ‼

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

📖 Read

via "National Vulnerability Database".
926 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4879 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.

📖 Read

via "National Vulnerability Database".
909 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42467 ‼

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

📖 Read

via "National Vulnerability Database".
870 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 Protect Your Data With the MonoDefense Security Suite for $149.99 🦿

Get VPN, Firewall and SmartDNS protection in one package! Combining five top-rated security apps, the MonoDefense Security Suite offers complete protection — and lifetime subscriptions are now 62% off.

📖 Read

via "Tech Republic".
TechRepublic
Protect Your Data With the MonoDefense Security Suite for $130
Get VPN, Firewall, and SmartDNS protection in one package with MonoDefense Security Suite.
710 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4577 ‼

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

📖 Read

via "National Vulnerability Database".
476 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4104 ‼

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.

📖 Read

via "National Vulnerability Database".
408 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4576 ‼

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

📖 Read

via "National Vulnerability Database".
366 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4575 ‼

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

📖 Read

via "National Vulnerability Database".
334 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-40039 ‼

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.

📖 Read

via "National Vulnerability Database".
317 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4583 ‼

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

📖 Read

via "National Vulnerability Database".
302 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-35845 ‼

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.

📖 Read

via "National Vulnerability Database".
290 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4573 ‼

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

📖 Read

via "National Vulnerability Database".
275 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4578 ‼

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

📖 Read

via "National Vulnerability Database".
266 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4580 ‼

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

📖 Read

via "National Vulnerability Database".
262 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4579 ‼

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.

📖 Read

via "National Vulnerability Database".
254 views