Category Archives: Advisories

USN-5446-2: dpkg vulnerability

Read Time:22 Second

USN-5446-1 fixed a vulnerability in dpkg. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Max Justicz discovered that dpkg incorrectly handled unpacking certain
source packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.

Read More

CVE-2022-1203

Read Time:16 Second

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options

Read More

CVE-2022-1275

Read Time:11 Second

The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)

Read More