🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-44238 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-44240 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions.

via "National Vulnerability Database".
‼ CVE-2023-44237 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-44993 ‼

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.

via "National Vulnerability Database".
‼ CVE-2023-45612 ‼

In JetBrains Ktor before 2.3.5, the default configuration of ContentNegotiation with the XML format was vulnerable to XXE.

via "National Vulnerability Database".
‼ CVE-2023-44246 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-43700 ‼

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication.

via "National Vulnerability Database".
‼ CVE-2023-43697 ‼

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings by changing file paths using HTTP requests.

via "National Vulnerability Database".
‼ CVE-2023-43698 ‼

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website.

via "National Vulnerability Database".
‼ CVE-2023-43696 ‼

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

via "National Vulnerability Database".
‼ CVE-2023-5100 ‼

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information by intercepting network traffic that is not encrypted.

via "National Vulnerability Database".
‼ CVE-2023-43699 ‼

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error, as login attempts are not limited.

via "National Vulnerability Database".
‼ CVE-2023-5101 ‼

Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.

via "National Vulnerability Database".
‼ CVE-2023-5103 ‼

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information by tricking a user into clicking on an actionable item using an iframe.

via "National Vulnerability Database".
‼ CVE-2023-45248 ‼

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497.

via "National Vulnerability Database".
‼ CVE-2023-5102 ‼

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.

via "National Vulnerability Database".
‼ CVE-2023-45247 ‼

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497.

via "National Vulnerability Database".
🕴 Cybersecurity Talent in America: Bridging the Gap 🕴

It's past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow's challenges.

via "Dark Reading".
🛠 Simple Packet Sender 5.0 🛠

Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. It is written in C on Linux with a GUI built using GTK+. Both source and binaries are included. Features include crafting and sending one, multiple, or a flood of packets of type TCP, ICMP, or UDP. All values within the Ethernet frame can be modified arbitrarily. TCP, ICMP and UDP payload data is supported as well, with input from either the keyboard as UTF-8/ASCII, the keyboard as hexadecimal, or from a file. Various other features exist as well.

via "Packet Storm Security".
‼ CVE-2023-36820 ‼

Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if the token is issued by the same identity issuer/provider. This affects any OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token authentication is not meant to be shared between them. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.

via "National Vulnerability Database".
‼ CVE-2023-44378 ‼

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods.

via "National Vulnerability Database".