πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36569 β€Ό

Microsoft Office Elevation of Privilege Vulnerability

πŸ“– Read

via "National Vulnerability Database".
135 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36718 β€Ό

Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36790 β€Ό

Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

πŸ“– Read

via "National Vulnerability Database".
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36721 β€Ό

Windows Error Reporting Service Elevation of Privilege Vulnerability

πŸ“– Read

via "National Vulnerability Database".
128 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36780 β€Ό

Skype for Business Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
126 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42795 β€Ό

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

πŸ“– Read

via "National Vulnerability Database".
185 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41771 β€Ό

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41765 β€Ό

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36713 β€Ό

Windows Common Log File System Driver Information Disclosure Vulnerability

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36579 β€Ό

Microsoft Message Queuing Denial of Service Vulnerability

πŸ“– Read

via "National Vulnerability Database".
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36567 β€Ό

Windows Deployment Services Information Disclosure Vulnerability

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
191 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41763 β€Ό

Skype for Business Elevation of Privilege Vulnerability

πŸ“– Read

via "National Vulnerability Database".
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5497 β€Ό

A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36703 β€Ό

DHCP Server Service Denial of Service Vulnerability

πŸ“– Read

via "National Vulnerability Database".
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-45648 β€Ό

Improper Input Validation vulnerability in Apache Tomcat.TomcatΓ‚ from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

πŸ“– Read

via "National Vulnerability Database".
273 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Badbox Operation Targets Android Devices in Fraud Schemes πŸ•΄

Researchers believe that more than 70,000 Android devices may have been affected.

πŸ“– Read

via "Dark Reading".
Dark Reading
Badbox Operation Targets Android Devices in Fraud Schemes
Researchers believe that more than 70,000 Android devices may have been affected with preloaded Peachpit malware that was installed on the electronics before being sold at market.
298 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ New One-Click Exploit Is a Supply Chain Risk for Linux OSes πŸ•΄

An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.

πŸ“– Read

via "Dark Reading".
Dark Reading
One-Click 'Gnome' Exploit Is a Supply Chain Risk for Linux OSes
An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.
377 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug πŸ•΄

October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.

πŸ“– Read

via "Dark Reading".
Dark Reading
Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
314 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ Patch Tuesday, October 2023 Edition β™ŸοΈ

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

πŸ“– Read

via "Krebs on Security".
Krebs on Security
Patch Tuesday, October 2023 Edition
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates…
❀1
298 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26220 β€Ό

The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.

πŸ“– Read

via "National Vulnerability Database".
347 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36127 β€Ό

User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

πŸ“– Read

via "National Vulnerability Database".
324 views