USN-5479-2: PHP vulnerabilities

Read Time:30 Second

USN-5479-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)

Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)

Read More

CVE-2022-0250

Read Time:9 Second

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting

Read More

CVE-2021-25066

Read Time:11 Second

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Read More

CVE-2021-25056

Read Time:11 Second

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Read More

Asia could be placing all the wrong cybersecurity bets

Read Time:46 Second

Over two-thirds (69%) of security leaders in Asia are confident about their organization’s cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found.

The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively).

Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyberrisk management strategies, the report said.

To read this article in full, please click here

Read More