SimpleTire snafu has now been remediated
Monthly Archives: May 2023
USN-6114-1: nth-check vulnerability
Yeting Li discovered that nth-check incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.
Nine Million MCNA Dental Customers Hit by Breach
USN-6113-1: Jhead vulnerability
It was discovered that Jhead did not properly handle certain crafted images
while processing the Exif markers. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service.
Printerlogic multiple vulnerabilities
Posted by Eldar Marcussen on May 29
PrinterLogic SaaS, multiple vulnerabilities
===========================================================
PrinterLogic’s Enterprise Print Management software allows IT
professionals to simplify printer driver management and empower end
users.
— https://www.printerlogic.com/
Background
----------------------------------
The following findings were identified by performing both dynamic
testing of the PrinterLogic SaaS platform and code…
SEC Consult SA-20230517-0 :: Stored XSS vulnerability in rename functionality in Wekan (Open-Source kanban)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29
SEC Consult Vulnerability Lab Security Advisory < 20230517-0 >
=======================================================================
title: Stored XSS vulnerability in rename functionality
product: Wekan (Open-Source kanban)
vulnerable version: <=6.74
fixed version: 6.75 or higher
CVE number: CVE-2023-28485
impact: Medium
homepage: https://wekan.github.io…
SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29
SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Serenity and StartSharp Software
vulnerable version: < 6.7.1
fixed version: 6.7.1 or higher
CVE number: CVE-2023-31285, CVE-2023-31286, CVE-2023-31287
impact: high
homepage:…
APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6
Posted by Apple Product Security via Fulldisclosure on May 29
APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6
iOS 15.7.6 and iPadOS 15.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213765.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st…
APPLE-SA-2023-05-18-7 watchOS 9.5
Posted by Apple Product Security via Fulldisclosure on May 29
APPLE-SA-2023-05-18-7 watchOS 9.5
watchOS 9.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213764.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Accessibility
Available for: Apple Watch Series 4 and later
Impact: An app may be able to bypass Privacy preferences
Description: A…
APPLE-SA-2023-05-18-8 Safari 16.5
Posted by Apple Product Security via Fulldisclosure on May 29
APPLE-SA-2023-05-18-8 Safari 16.5
Safari 16.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213762.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may disclose sensitive information
Description:…