🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44109

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

📖 Read

via "National Vulnerability Database".
376 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44096

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

📖 Read

via "National Vulnerability Database".
407 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44093

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

📖 Read

via "National Vulnerability Database".
398 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare 🦿

A vulnerability in the HTTP/2 network protocol is currently being exploited, resulting in the largest DDoS attack in history. Find out what security teams should do now, and hear what Cloudflare's CEO has to say about this DDoS.

📖 Read

via "Tech Republic".
TechRepublic
New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare
A vulnerability in the HTTP/2 network protocol is currently being exploited, resulting in the largest DDoS attack in history.
👍1
375 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38216

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
302 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44119

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

📖 Read

via "National Vulnerability Database".
264 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44114

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

📖 Read

via "National Vulnerability Database".
226 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44101

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

📖 Read

via "National Vulnerability Database".
199 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-26370

Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
186 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44102

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

📖 Read

via "National Vulnerability Database".
180 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38217

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
193 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44103

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

📖 Read

via "National Vulnerability Database".
184 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-41304

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

📖 Read

via "National Vulnerability Database".
179 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44105

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44116

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

📖 Read

via "National Vulnerability Database".
189 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44108

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

📖 Read

via "National Vulnerability Database".
205 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44097

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

📖 Read

via "National Vulnerability Database".
198 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44095

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

📖 Read

via "National Vulnerability Database".
189 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-37538

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

📖 Read

via "National Vulnerability Database".
182 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default.Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.See the documentation for more details on correct cluster administration.

📖 Read

via "National Vulnerability Database".
228 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-44107

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

📖 Read

via "National Vulnerability Database".
223 views