Category Archives: Advisories

CVE-2020-4957

Read Time:9 Second

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.

Read More

USN-5423-2: ClamAV vulnerabilities

Read Time:1 Minute, 2 Second

USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)

Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF
files. A remote attacker could possibly use this issue to cause ClamAV to
stop responding, resulting in a denial of service. (CVE-2022-20771)

Michał Dardas discovered that ClamAV incorrectly handled parsing HTML
files. A remote attacker could possibly use this issue to cause ClamAV to
consume resources, resulting in a denial of service. (CVE-2022-20785)

Michał Dardas discovered that ClamAV incorrectly handled loading the
signature database. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code.(CVE-2022-20796)

Read More

USN-5425-1: PCRE vulnerabilities

Read Time:32 Second

Yunho Kim discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to expose sensitive
information. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)

It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to have unexpected
behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)

Read More

USN-5424-1: OpenLDAP vulnerability

Read Time:11 Second

It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.

Read More

USN-5423-1: ClamAV vulnerabilities

Read Time:54 Second

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)

Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF
files. A remote attacker could possibly use this issue to cause ClamAV to
stop responding, resulting in a denial of service. (CVE-2022-20771)

Michał Dardas discovered that ClamAV incorrectly handled parsing HTML
files. A remote attacker could possibly use this issue to cause ClamAV to
consume resources, resulting in a denial of service. (CVE-2022-20785)

Michał Dardas discovered that ClamAV incorrectly handled loading the
signature database. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code.(CVE-2022-20796)

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read Time:56 Second

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

Safari is a graphical web browser developed by Apple.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
macOS Catalina is the 16th major release of macOS
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Xcode is Apple’s integrated development environment for macOS
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

CVE-2013-10001

Read Time:12 Second

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

Read More

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213257.

AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher

AMD
Available…

Read More