Ubuntu Security Notice USN-6125-1

Ubuntu Security Notice 6125-1 - It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.

Ubuntu Security Notice USN-6126-1

Ubuntu Security Notice 6126-1 - It was discovered that libvirt incorrectly handled the nwfilter driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that libvirt incorrectly handled queries for the SR-IOV PCI device capabilities. A local attacker could possibly use this issue to cause libvirt to consume resources, leading to a denial of service.

Debian Security Advisory 5417-1

Debian Linux Security Advisory 5417-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

Ubuntu Security Notice USN-6123-1

Ubuntu Security Notice 6123-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.

Ubuntu Security Notice USN-6124-1

Ubuntu Security Notice 6124-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.

Ubuntu Security Notice USN-6117-1

Ubuntu Security Notice 6117-1 - It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6122-1

Ubuntu Security Notice 6122-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service.

Debian Security Advisory 5416-1

Debian Linux Security Advisory 5416-1 - It was discovered that there was a potential buffer overflow and denial of service vulnerability in the gdhcp client implementation of connman, a command-line network manager designed for use on embedded devices.

[webapps] Rukovoditel 3.3.1 - CSV injection

Rukovoditel 3.3.1 - CSV injection

[remote] Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

[webapps] Pydio Cells 4.1.2 - Server-Side Request Forgery

Pydio Cells 4.1.2 - Server-Side Request Forgery

[webapps] Online Security Guards Hiring System 1.0 - Reflected XSS

Online Security Guards Hiring System 1.0 - Reflected XSS

[webapps] Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

[webapps] MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

[webapps] SCRMS 2023-05-27 1.0 - Multiple SQL Injection

SCRMS 2023-05-27 1.0 - Multiple SQL Injection

[webapps] Pydio Cells 4.1.2 - Unauthorised Role Assignments

Pydio Cells 4.1.2 - Unauthorised Role Assignments

[webapps] unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

[webapps] Faculty Evaluation System 1.0 - Unauthenticated File Upload

Faculty Evaluation System 1.0 - Unauthenticated File Upload

Ubuntu Security Notice USN-6121-1

Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-6111-1

Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice USN-6119-1

Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

Ubuntu Security Notice USN-6120-1

Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.

Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.

Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.

Ubuntu Security Notice USN-6115-1

Ubuntu Security Notice 6115-1 - Max Chernoff discovered that LuaTeX did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands.

Ubuntu Security Notice USN-6118-1

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x69b0.

Ubuntu Security Notice USN-6113-1

Ubuntu Security Notice 6113-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service.

Ubuntu Security Notice USN-6114-1

Ubuntu Security Notice 6114-1 - Yeting Li discovered that nth-check incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6116-1

Ubuntu Security Notice 6116-1 - It was discovered that hawk incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Gentoo Linux Security Advisory 202305-33

Gentoo Linux Security Advisory 202305-33 - Multiple vulnerabilities have been found in OpenImageIO, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.4.6.0 are affected.

Apple Security Advisory 2023-05-18-2

Apple Security Advisory 2023-05-18-2 - iOS 15.7.6 and iPadOS 15.7.6 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Gentoo Linux Security Advisory 202305-34

Gentoo Linux Security Advisory 202305-34 - Multiple vulnerabilities have been found in CGAL, the worst of which could result in arbitrary code execution. Versions greater than or equal to 5.4.1 are affected.

Gentoo Linux Security Advisory 202305-31

Gentoo Linux Security Advisory 202305-31 - Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in arbitrary code execution. Versions greater than or equal to 4.5.0-r2 are affected.

Gentoo Linux Security Advisory 202305-37

Gentoo Linux Security Advisory 202305-37 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could result in denial of service. Versions greater than or equal to 10.1.8 are affected.

Gentoo Linux Security Advisory 202305-32

Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.

Gentoo Linux Security Advisory 202305-35

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.

Gentoo Linux Security Advisory 202305-29

Gentoo Linux Security Advisory 202305-29 - Multiple vulnerabilities have been discovered in squashfs-tools, the worst of which can result in an arbitrary file write. Versions greater than or equal to 4.5_p20210914 are affected.

Apple Security Advisory 2023-05-18-7

Apple Security Advisory 2023-05-18-7 - watchOS 9.5 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Gentoo Linux Security Advisory 202305-36

Gentoo Linux Security Advisory 202305-36 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0 are affected.

CVE-2022-48331 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0)

Posted by Cyber Intel Security on May 30

1. INFORMATION
--------------
[+] CVE : CVE-2022-48331
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_save_keys @ 0x69b0)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------

5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

CVE-2022-48334 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370)

Posted by Cyber Intel Security on May 30

1. INFORMATION
--------------
[+] CVE : CVE-2022-48334
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_verify_keys @ 0x7370)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

CVE-2022-48333 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c)

Posted by Cyber Intel Security on May 30

1. INFORMATION
--------------
[+] CVE : CVE-2022-48333
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_verify_keys @ 0x730c)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

CVE-2022-48332 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18)

Posted by Cyber Intel Security on May 30

1. INFORMATION
--------------
[+] CVE : CVE-2022-48332
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_save_keys @ 0x6a18)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

CVE-2022-48336 - Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8)

Posted by Cyber Intel Security on May 30

1. INFORMATION
--------------
[+] CVE : CVE-2022-48336
[+] Title : Buffer Overflow in Widevine Trustlet
(PRDiagParseAndStoreData @ 0x5cc8)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E),...

CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)

Posted by Cyber Intel Security on May 30

1. INFORMATION
--------------
[+] CVE : CVE-2022-48335
[+] Title : Buffer Overflow in Widevine Trustlet
(PRDiagVerifyProvisioning @ 0x5f90)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0...

SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer

Posted by Lennert Preuth via Fulldisclosure on May 30

Title
=====

SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-33255

Link
====

https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt

Further SCHUTZWERK advisories:
https://www.schutzwerk.com/blog/tags/advisories/

Affected products/vendor...

[RT-SA-2023-005] Pydio Cells: Server-Side Request Forgery

Posted by RedTeam Pentesting GmbH on May 30

For longer running processes, Pydio Cells allows for the creation of
jobs, which are run in the background. The job "remote-download" can be
used to cause the backend to send a HTTP GET request to a specified URL
and save the response to a new file. The response file is then available
in a user-specified folder in Pydio Cells.

Details
=======

Product: Pydio Cells
Affected Versions: 4.1.2 and earlier versions
Fixed Versions: 4.2.0,...

[RT-SA-2023-004] Pydio Cells: Cross-Site Scripting via File Download

Posted by RedTeam Pentesting GmbH on May 30

Advisory: Pydio Cells: Cross-Site Scripting via File Download

Pydio Cells implements the download of files using presigned URLs which
are generated using the Amazon AWS SDK for JavaScript [1]. The secrets
used to sign these URLs are hardcoded and exposed through the JavaScript
files of the web application. Therefore, it is possible to generate
valid signatures for arbitrary download URLs. By uploading an HTML file
and modifying the download URL...

[RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments

Posted by RedTeam Pentesting GmbH on May 30

Advisory: Pydio Cells: Unauthorised Role Assignments

Pydio Cells allows users by default to create so-called external users
in order to share files with them. By modifying the HTTP request sent
when creating such an external user, it is possible to assign the new
user arbitrary roles. By assigning all roles to a newly created user, access to
all cells and non-personal workspaces is granted.

Details
=======

Product: Pydio Cells
Affected...

Printerlogic multiple vulnerabilities

Posted by Eldar Marcussen on May 29

PrinterLogic SaaS, multiple vulnerabilities
===========================================================
PrinterLogic's Enterprise Print Management software allows IT
professionals to simplify printer driver management and empower end
users.
-- https://www.printerlogic.com/

Background
----------------------------------
The following findings were identified by performing both dynamic
testing of the PrinterLogic SaaS platform and code...

SEC Consult SA-20230517-0 :: Stored XSS vulnerability in rename functionality in Wekan (Open-Source kanban)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29

SEC Consult Vulnerability Lab Security Advisory < 20230517-0 >
=======================================================================
title: Stored XSS vulnerability in rename functionality
product: Wekan (Open-Source kanban)
vulnerable version: <=6.74
fixed version: 6.75 or higher
CVE number: CVE-2023-28485
impact: Medium
homepage: https://wekan.github.io...

SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29

SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Serenity and StartSharp Software
vulnerable version: < 6.7.1
fixed version: 6.7.1 or higher
CVE number: CVE-2023-31285, CVE-2023-31286, CVE-2023-31287
impact: high
homepage:...

APPLE-SA-2023-05-18-7 watchOS 9.5

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2023-05-18-7 watchOS 9.5

watchOS 9.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213764.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Watch Series 4 and later
Impact: An app may be able to bypass Privacy preferences
Description: A...

APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6

iOS 15.7.6 and iPadOS 15.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213765.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st...

Ubuntu Security Notice USN-6097-1

Ubuntu Security Notice 6097-1 - It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service.

Ubuntu Security Notice USN-6110-1

Ubuntu Security Notice 6110-1 - It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. It was discovered that Jhead did not properly handle certain crafted images when printing Canon-specific information. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. It was discovered that Jhead did not properly handle certain crafted images when removing unknown sections. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service.