🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21362 ‼

In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
217 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21361 ‼

In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
232 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-36920 ‼

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.

📖 Read

via "National Vulnerability Database".
225 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21356 ‼

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21348 ‼

In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
187 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21359 ‼

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
192 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21337 ‼

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21334 ‼

In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
214 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21339 ‼

In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
183 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21338 ‼

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
162 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21341 ‼

In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
172 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21335 ‼

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
193 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21332 ‼

In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
211 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21336 ‼

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
233 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 White House Executive Order on AI Provides Guidelines for AI Privacy and Safety 🦿

The Biden administration directed government organizations, including NIST, to encourage responsible and innovative use of generative AI.

📖 Read

via "Tech Republic".
TechRepublic
AI Executive Order: White House Releases 90-Day Progress Report
The Biden administration directed government organizations, including NIST, to encourage responsible and innovative use of AI.
228 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Boeing Breached by Ransomware, LockBit Gang Claims 🕴

LockBit gives Boeing a Nov. 2 deadline to pay the ransom, or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise.

📖 Read

via "Dark Reading".
Dark Reading
Boeing Breached by Ransomware, LockBit Gang Claims
LockBit gives Boeing a Nov. 2 deadline to pay the ransom or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise.
259 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 UAE Cyber Council Warns of Google Chrome Vulnerability 🕴

The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser.

📖 Read

via "Dark Reading".
Dark Reading
UAE Cyber Council Warns of Google Chrome Vulnerability
The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser.
251 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Budget Cuts at CISA Could Affect Enterprise Cybersecurity 🕴

Politicians are suggesting massive cuts to CISA's budget, threatening its missions to secure federal networks and help critical infrastructure operators fend off cyberattacks.

📖 Read

via "Dark Reading".
Dark Reading
Budget Cuts at CISA Could Affect Enterprise Cybersecurity
Politicians are suggesting massive cuts to CISA's budget, threatening its missions to secure federal networks and help critical infrastructure operators fend off cyberattacks.
247 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-40101 ‼

In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
222 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-47104 ‼

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.

📖 Read

via "National Vulnerability Database".
281 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21385 ‼

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
280 views