Monthly Archives: July 2022
CVE-2015-1784
In the NextGEN Gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access to the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
openssl-1.1.1q-1.fc35
FEDORA-2022-41890e9e44
Packages in this update:
openssl-1.1.1q-1.fc35
Update description:
Changelog
* Thu Jul 07 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1q-1
- Upgrade to 1.1.1q
Resolves: CVE-2022-2097
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1p-1
- Upgrade to 1.1.1p
Resolves: CVE-2022-2068
Related: rhbz#2099975
Security fix for CVE-2022-2068
openssl-3.0.5-1.fc36
FEDORA-2022-3fdc2d3047
Packages in this update:
openssl-3.0.5-1.fc36
Update description:
Changelog
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.5-1
- Rebase to upstream version 3.0.5
Related: rhbz#2099972, CVE-2022-2097
openssl-3.0.5-1.fc37
FEDORA-2022-1c20b4dde2
Packages in this update:
openssl-3.0.5-1.fc37
Update description:
Automatic update for openssl-3.0.5-1.fc37.
Changelog
* Tue Jul 5 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.5-1
- Rebase to upstream version 3.0.5
Related: rhbz#2099972, CVE-2022-2097
openssl1.1-1.1.1q-1.fc36
FEDORA-2022-89a17be281
Packages in this update:
openssl1.1-1.1.1q-1.fc36
Update description:
Changelog
* Thu Jul 07 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1q-1
- Upgrade to 1.1.1q
Resolves: CVE-2022-2097
USN-5506-1: NSS vulnerabilities
Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7
sequence. A remote attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-22747)
Ronald Crane discovered that NSS incorrectly handled certain memory
operations. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-34480)
U.S. and UK warn local governments, businesses of China’s influence operations
In a concerted effort to spread the word on the threat posed by China to governments at the state and local level as well as to businesses of all sizes, the U.S. National Counterintelligence and Security Center (NCSC) issued a “Safeguarding Our Future” bulletin. “Protecting Government and Business Leaders at the U.S. State and Local Level from People’s Republic of China (PRC) Influence Operations” differs from previous warnings on China’s use of social networks, pseudo-state-sponsored hackers, and the like. The NCSC highlights how the Chinese intelligence apparatus takes a whole-of-government approach as it works to acquire information in support of Chinese Communist Party (CCP) directives.
Smashing Security podcast #282: Raising money through ransomware, China’s mega-leak, and hackers for hire
A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this …
Russian Info Ops Ramp Up Effort to Divide West on Ukraine
Recorded Future claims the Kremlin is using multiple outlets to amplify disinfo