In certain Moodle products after creating a course, it is possible to add in a arbitrary “Topic” a resource, in this case a “Database” with the type “Text” where its values “Field name” and “Field description” are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
Daily Archives: September 13, 2022
ImageMagick-6.9.12.63-1.el8
FEDORA-EPEL-2022-9d8794e452
Packages in this update:
ImageMagick-6.9.12.63-1.el8
Update description:
Update ImageMagick to 6.9.12.63 (#2125990)
Update ImageMagick to 6.9.12.62 (#2121962)
Fixes CVE-2021-3574 (#2124540, #2124541, #2124542)
ImageMagick-6.9.12.63-1.el9
FEDORA-EPEL-2022-0cf315054d
Packages in this update:
ImageMagick-6.9.12.63-1.el9
Update description:
Update ImageMagick to 6.9.12.63 (#2125990)
Update ImageMagick to 6.9.12.62 (#2121962)
Fixes CVE-2021-3574 (#2124540, #2124541, #2124542)
ImageMagick-6.9.12.63-1.fc35
FEDORA-2022-0a0e4cb94a
Packages in this update:
ImageMagick-6.9.12.63-1.fc35
Update description:
Update ImageMagick to 6.9.12.63 (#2125990)
Update ImageMagick to 6.9.12.62 (#2121962)
Fixes CVE-2021-3574 (#2124540, #2124541, #2124542)
ImageMagick-6.9.12.63-1.fc37
FEDORA-2022-9b5bb11725
Packages in this update:
ImageMagick-6.9.12.63-1.fc37
Update description:
Update ImageMagick to 6.9.12.63 (#2125990)
Update ImageMagick to 6.9.12.62 (#2121962)
Fixes CVE-2021-3574 (#2124540, #2124541, #2124542)
MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms
Bridge is a digital asset management application
InDesign is an industry-leading layout and page design software for print and digital media
Photoshop is a graphics editor
Adobe InCopy is a professional word processor.
Animate is a multimedia authoring computer animation program.
Illustrator is a vector graphics editor and design program.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Critical Patches Issued for Microsoft Products, September 13, 2022
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
CVE-2021-0943
In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238916921
CVE-2021-0942
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312
CVE-2021-0871
In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238921253