🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.1K subscribers
88.5K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.1K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37831 ‼

An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.

📖 Read

via "National Vulnerability Database".
270 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37832 ‼

A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.

📖 Read

via "National Vulnerability Database".
255 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-45955 ‼

An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.

📖 Read

via "National Vulnerability Database".
258 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks 🕴

The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.

📖 Read

via "Dark Reading".
Dark Reading
SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks
The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.
284 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-46485 ‼

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.

📖 Read

via "National Vulnerability Database".
227 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3955 ‼

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

📖 Read

via "National Vulnerability Database".
224 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-3676 ‼

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

📖 Read

via "National Vulnerability Database".
234 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-43295 ‼

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-46484 ‼

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.

📖 Read

via "National Vulnerability Database".
190 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-41377 ‼

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.

📖 Read

via "National Vulnerability Database".
250 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39610 ‼

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.

📖 Read

via "National Vulnerability Database".
267 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20886 ‼

VMware Workspace ONE UEM console contains an open redirect vulnerability.A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.

📖 Read

via "National Vulnerability Database".
334 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5306 ‼

Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.

📖 Read

via "National Vulnerability Database".
331 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-37833 ‼

Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.

📖 Read

via "National Vulnerability Database".
358 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5899 ‼

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
300 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5515 ‼

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks againstweb servers and deployed web applications.

📖 Read

via "National Vulnerability Database".
290 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5890 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
275 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5898 ‼

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
222 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-47097 ‼

An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.

📖 Read

via "National Vulnerability Database".
182 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5891 ‼

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
174 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5895 ‼

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
170 views