Yunho Kim discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to expose sensitive
information. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)

It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to have unexpected
behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)

Read More

FEDORA-2022-2078cfb52d

Packages in this update:

vim-8.2.4969-1.fc35

Update description:

The newest upstream commit

Security fix for CVE-2022-1674

Read More

FEDORA-2022-d20b51de9c

Packages in this update:

vim-8.2.4969-1.fc36

Update description:

The newest upstream commit

Security fix for CVE-2022-1674

Read More

It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.

Read More

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)

Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF
files. A remote attacker could possibly use this issue to cause ClamAV to
stop responding, resulting in a denial of service. (CVE-2022-20771)

Michał Dardas discovered that ClamAV incorrectly handled parsing HTML
files. A remote attacker could possibly use this issue to cause ClamAV to
consume resources, resulting in a denial of service. (CVE-2022-20785)

Michał Dardas discovered that ClamAV incorrectly handled loading the
signature database. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code.(CVE-2022-20796)

Read More

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

Safari is a graphical web browser developed by Apple.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
macOS Catalina is the 16th major release of macOS
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Xcode is Apple’s integrated development environment for macOS
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

Read More

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213257.

AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher

AMD
Available…

Read More

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-6 tvOS 15.5

tvOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213254.

AppleAVD
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous…

Read More

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213253.

AppleAVD
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous researcher

AppleAVD…

Read More