🛡 Cybersecurity & Privacy 🛡 - News
25.1K subscribers
88.4K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-35646 ‼

In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35649 ‼

In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45132 ‼

NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.

📖 Read

via "National Vulnerability Database".
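The bypass above is a trust-boundary mistake: an address allow-list (IgnoreIP / IgnoreCIDR) was evaluated against a header any client can set. The Python below is an added illustration of that bug class next to a hardened version; it is not NAXSI's own code. The ignore rules, the trusted-proxy address and the sample requests are assumptions constructed for the demonstration.

```python
"""Added illustration of the IgnoreIP / IgnoreCIDR bypass class: a WAF
allow-list keyed on the client address must never be matched against an
attacker-controlled X-Forwarded-For value.

Example code, not NAXSI's source. IGNORE_RULES, TRUSTED_PROXIES and the
addresses used in demo() are constructed for this example.
"""
import ipaddress
from typing import Iterable, Optional

# Assumed allow-list, in the spirit of IgnoreIP (host) and IgnoreCIDR (range).
IGNORE_RULES = [
    ipaddress.ip_network("127.0.0.1/32"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# Assumed: the only reverse proxy permitted to append to X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _in_any(ip: str, nets: Iterable) -> bool:
    """True if `ip` parses and falls inside any network in `nets`."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False  # junk in the header must never match an ignore rule
    return any(addr in net for net in nets)


def vulnerable_should_skip_waf(remote_addr: str, xff: Optional[str]) -> bool:
    """Flawed logic: the first X-Forwarded-For entry, when present, is taken
    as the client and checked against the ignore list. Any client that sends
    'X-Forwarded-For: 127.0.0.1' is waved past the WAF."""
    client = xff.split(",")[0] if xff else remote_addr
    return _in_any(client, IGNORE_RULES)


def hardened_should_skip_waf(remote_addr: str, xff: Optional[str]) -> bool:
    """Only honour X-Forwarded-For when the TCP peer is a trusted proxy, then
    walk the header from the right (the proxy side) and stop at the first hop
    that is not itself a trusted proxy: that is the address the last trusted
    proxy actually saw. Anything the client prepended is ignored."""
    if not _in_any(remote_addr, TRUSTED_PROXIES):
        return _in_any(remote_addr, IGNORE_RULES)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    client = remote_addr
    for hop in reversed(hops):
        client = hop
        if not _in_any(hop, TRUSTED_PROXIES):
            break
    return _in_any(client, IGNORE_RULES)


def demo() -> dict:
    """Constructed requests: an attacker at 203.0.113.7 spoofing a loopback
    origin, once directly and once through the trusted proxy, plus one
    legitimate internal client behind the same proxy."""
    return {
        "direct_spoof_vuln": vulnerable_should_skip_waf("203.0.113.7", "127.0.0.1"),
        "direct_spoof_fixed": hardened_should_skip_waf("203.0.113.7", "127.0.0.1"),
        "proxied_spoof_vuln": vulnerable_should_skip_waf("192.0.2.10", "127.0.0.1, 203.0.113.7"),
        "proxied_spoof_fixed": hardened_should_skip_waf("192.0.2.10", "127.0.0.1, 203.0.113.7"),
        "internal_client_fixed": hardened_should_skip_waf("192.0.2.10", "10.1.2.3"),
    }


if __name__ == "__main__":
    for name, skipped in demo().items():
        print(f"{name:24} skip_waf={skipped}")
```

The hardened check needs an explicit list of proxies allowed to set the header; without one, the only safe option is the workaround in the advisory, which is to configure no IgnoreIP / IgnoreCIDR at all.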
‼ CVE-2023-42298 ‼

An issue in GPAC v2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1943 ‼

Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.

📖 Read

via "National Vulnerability Database".
πŸ‘2
🕴 Pan-African Financial Apps Leak Encryption, Authentication Keys 🕴

Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows.

📖 Read

via "Dark Reading".
🕴 New California Delete Act Tightens Rules for Data Brokers 🕴

Companies with customers in California need to prepare for a new process for demanding deletion of personal data.

📖 Read

via "Dark Reading".
🕴 How to Scan Your Environment for Vulnerable Versions of Curl 🕴

This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environment.

📖 Read

via "Dark Reading".
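As an added example, not taken from the Dark Reading tip, the Python below does the first step of such a scan on one host: it finds every curl executable on PATH, parses the curl and libcurl versions each one reports, and flags those inside an affected range. The range it defaults to (7.69.0 up to but excluding 8.4.0) is an assumption: it is the range the curl project published for CVE-2023-38545, the SOCKS5 heap overflow fixed in curl 8.4.0; substitute the range from the advisory you are responding to. SAMPLE_OUTPUT is a constructed banner so the parser can be exercised offline.

```python
"""Added example: enumerate curl binaries on a host, parse the versions they
report, and flag those inside an affected range.

Not part of the Dark Reading article. FIRST_AFFECTED / FIXED_IN are assumed
values (the CVE-2023-38545 range, fixed in 8.4.0); SAMPLE_OUTPUT is a
constructed `curl --version` banner, not captured from a real host.
"""
import os
import re
import subprocess
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Assumed affected range (half-open): FIRST_AFFECTED <= v < FIXED_IN.
FIRST_AFFECTED: Version = (7, 69, 0)
FIXED_IN: Version = (8, 4, 0)

# Constructed sample in the shape curl prints its banner.
SAMPLE_OUTPUT = (
    "curl 8.1.2 (x86_64-pc-linux-gnu) libcurl/8.1.2 OpenSSL/3.0.9 "
    "zlib/1.2.13 nghttp2/1.52.0\n"
    "Release-Date: 2023-05-30\n"
    "Protocols: dict file ftp ftps http https\n"
)

_VER_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Version]:
    """'8.1.2', '7.81.0-DEV' or '8.4' -> (8, 1, 2), (7, 81, 0), (8, 4, 0);
    None when no dotted number is present."""
    m = _VER_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def parse_curl_banner(banner: str) -> Dict[str, Optional[Version]]:
    """Extract curl and libcurl versions from the first line of `curl --version`.
    They can differ: the binary may be linked against a different libcurl,
    and libcurl is where the network code (and the bug) lives."""
    first = banner.splitlines()[0] if banner else ""
    curl_m = re.match(r"curl\s+(\S+)", first)
    lib_m = re.search(r"libcurl/(\S+)", first)
    return {
        "curl": parse_version(curl_m.group(1)) if curl_m else None,
        "libcurl": parse_version(lib_m.group(1)) if lib_m else None,
    }


def is_affected(ver: Optional[Version],
                first_bad: Version = FIRST_AFFECTED,
                fixed: Version = FIXED_IN) -> bool:
    """Range check; an unparseable version is reported as affected so it gets
    looked at instead of silently passing."""
    if ver is None:
        return True
    return first_bad <= ver < fixed


def find_curl_binaries() -> List[str]:
    """Every executable named 'curl' on PATH, not just the first: a patched
    /usr/bin/curl can coexist with an old copy under /opt or a home dir."""
    found: List[str] = []
    for d in os.environ.get("PATH", "").split(os.pathsep):
        candidate = os.path.join(d, "curl")
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK) \
                and candidate not in found:
            found.append(candidate)
    return found


def scan_host(first_bad: Version = FIRST_AFFECTED,
              fixed: Version = FIXED_IN) -> List[Dict[str, object]]:
    """Run each curl binary with --version and report its libcurl exposure."""
    report: List[Dict[str, object]] = []
    for path in find_curl_binaries():
        try:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, timeout=10).stdout
        except (OSError, subprocess.SubprocessError):
            out = ""
        versions = parse_curl_banner(out)
        report.append({
            "path": path,
            "curl": versions["curl"],
            "libcurl": versions["libcurl"],
            # the libcurl version is the one that decides exposure
            "affected": is_affected(versions["libcurl"], first_bad, fixed),
        })
    return report


if __name__ == "__main__":
    for entry in scan_host():
        flag = "AFFECTED" if entry["affected"] else "ok"
        print(f"{flag:8} {entry['path']} curl={entry['curl']} libcurl={entry['libcurl']}")
```

This only catches curl binaries that can be executed; applications that embed a statically linked libcurl, language bindings and container images each need their own inventory step, which is the harder part of the exercise the article describes.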
‼ CVE-2023-45058 ‼

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-43789 ‼

A vulnerability was found in libXpm due to a boundary condition: a local user can trigger an out-of-bounds read and read the contents of memory on the system.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23737 ‼

Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-5045 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45048 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23651 ‼

Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45052 ‼

Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45063 ‼

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45011 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45060 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-5046 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-44998 ‼

Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin <= 1.2.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45068 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.

📖 Read

via "National Vulnerability Database".