USN-5378-3: XZ Utils vulnerability

USN-5378-2 fixed a vulnerability in XZ Utils. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.

CVE-2020-29653

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.

Security blind spots in the era of cloud communication & collaboration. Are you protected?

Graham Cluley Security News is sponsored this week by the folks at Perception Point. Thanks to the great team there for their support! The need to communicate, collaborate and do business on a global level has created a proliferation of cloud-based applications and services: Email. Cloud Storage. Messaging platforms. CRM. Digital Apps and Services. …

USN-5378-1: Gzip vulnerability

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.
