USN-5507-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled memory access. An attacker
could potentially use this issue to cause the program to crash, use unexpected
values, or execute arbitrary code. (CVE-2022-1968)

It was discovered that Vim incorrectly handled memory access. An attacker
could potentially use this issue to cause the corruption of sensitive
information, a crash, or arbitrary code execution.
(CVE-2022-1897, CVE-2022-1942)

USN-5479-3: PHP regression

USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for
CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)

Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)

Wiz offers CVE-like cloud vulnerability registry, but will it gain traction?

Cloud security company Wiz recently announced a community-based website, cloudvulndb.org, that provides a centralized cloud vulnerabilities database for public access. While the database fills gaps left by MITRE’s CVE vulnerability system and the current shared-responsibility model for cloud security issues, it will require additional, widespread industry support in order to be successful, according to security experts.

The new vulnerability database continues Wiz's efforts to streamline the detection and management of cloud vulnerabilities, which, the company says, often fall through the cracks of current systems.

Ubiquitous Surveillance by ICE

Georgetown's Center on Privacy and Technology has published a comprehensive report on the surprising amount of mass surveillance conducted by Immigration and Customs Enforcement (ICE).

Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE's contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency. Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government's larger push to amass as much information as possible about all of our lives. By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time. In its efforts to arrest and deport, ICE has, without any judicial, legislative or public oversight, reached into datasets containing personal information about the vast majority of people living in the U.S., whose records can end up in the hands of immigration enforcement simply because they apply for driver's licenses; drive on the roads; or sign up with their local utilities to get access to heat, water and electricity.

ICE has built its dragnet surveillance system by crossing legal and ethical lines, leveraging the trust that people place in state agencies and essential service providers, and exploiting the vulnerability of people who volunteer their information to reunite with their families. Despite the incredible scope and evident civil rights implications of ICE’s surveillance practices, the agency has managed to shroud those practices in near-total secrecy, evading enforcement of even the handful of laws and policies that could be invoked to impose limitations. Federal and state lawmakers, for the most part, have yet to confront this reality.
