Perfex CRM 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
Monthly Archives: November 2022
Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs
The data comes from workforce cyber intelligence and security company Dtex
SEC Announces ‘Enforcement Action’ For SolarWinds Over 2020 Hack
In a recent 8-K filing with the SEC, the firm said it reached an agreement with shareholders
Conti Affiliates Black Basta, BlackByte Continue to Attack Critical Infrastructure
Between February and July, 81 victim organizations were listed on the groups’ data leak sites
xorg-x11-server-1.20.14-9.fc35
FEDORA-2022-9100b7aafd
Packages in this update:
xorg-x11-server-1.20.14-9.fc35
Update description:
Security fix for CVE-2022-3550, CVE-2022-3551
xorg-x11-server-1.20.14-9.fc36
FEDORA-2022-613e993500
Packages in this update:
xorg-x11-server-1.20.14-9.fc36
Update description:
Security fix for CVE-2022-3550, CVE-2022-3551
xorg-x11-server-1.20.14-9.fc37
FEDORA-2022-64ad80875c
Packages in this update:
xorg-x11-server-1.20.14-9.fc37
Update description:
Security fix for CVE-2022-3550, CVE-2022-3551
USN-5717-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain gzip files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-31628)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to compromise the data
(CVE-2022-31629)
It was discovered that PHP incorrectly handled certain image fonts.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.
(CVE-2022-31630)
Nicky Mouha discovered that PHP incorrectly handled certain SHA-3 operations.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.10, and Ubuntu 22.04 LTS. (CVE-2022-37454)
Mastodon: What you need to know for your security and privacy
Mastodon is hot right now. After some years of only being used by geeks (yes, I’ve had an account for a while now) it’s at the tipping point of becoming mainstream. If you’re part of the exodus of users leaving Twitter for Mastodon, what are the security and privacy issues that you need to be aware of?
Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.