Tavis Ormandy

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. A low-privileged attacker could exploit this to inject malicious scripts into vulnerable form fields. Execution of malicious JavaScript may occur in a victim’s browser when navigating to a page containing the vulnerable field. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** The software is susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker could leverage this to inject malicious scripts into vulnerable form fields. Execution of malicious JavaScript may occur in a victim’s browser when accessing the page with the vulnerable field. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** AMD CPU versions (affected versions not specified) **Description** The issue is related to improper signature verification in the AMD CPU ROM microcode patch loader, which may allow an attacker with local administrator privilege to load malicious CPU microcode. This could result in the loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. The vulnerability exploits the use of an insecure hash function for microcode updates, potentially compromising secure computing environments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel Processors (affected versions not specified) **Description** A sequence of processor instructions can lead to unexpected behavior in some Intel processors, potentially allowing an authenticated user to enable escalation of privilege, information disclosure, or denial of service via local access. This issue is related to the interpretation of redundant prefixes and can cause the system to crash or become unresponsive. The vulnerability, termed Reptar, primarily affects multi-tenant virtualized environments where multiple virtual machines are run on the same host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD Zen 2 processors (affected versions not specified) **Description** The issue in AMD Zen 2 processors, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. This is due to a use-after-free vulnerability, which can be exploited to track the contents of registers during the execution of other processes on the same CPU core. Researchers have found that 62% of AWS environments are potentially vulnerable to this issue, and it may affect various AMD Ryzen processors. The vulnerability can be used to steal confidential data, such as passwords and encryption keys. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, AMD has begun releasing microcode updates, and clients are recommended to apply AGESA firmware fixes. As a temporary workaround, consider disabling or restricting the use of vulnerable components until a patch is available. Additionally, users can apply kernel-side mitigations to protect themselves until AMD releases fixed microcode updates for all affected CPUs.

**Name of the Vulnerable Software and Affected Versions** uTorrent (affected versions not specified) **Description** A critical issue has been found in uTorrent, affecting some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. **Recommendations** It is recommended to upgrade the affected component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uTorrent Web (affected versions not specified) **Description** A critical issue has been found, affecting an unknown functionality of the HTTP RPC Server component, which can lead to privilege escalation. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uTorrent (affected versions not specified) **Description** A critical issue has been found in uTorrent, affecting an unknown part of the software. The manipulation of this issue leads to memory corruption and can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** uTorrent (affected versions not specified) **Description** A critical issue was found in uTorrent, affecting the PRNG component, which leads to weak authentication. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mutt versions 0.94.13 through 2.2.3 **Description** The issue is related to a buffer overflow in the `mutt decode uuencoded()` function of the Mutt email client. This can allow a remote attacker to gain unauthorized access to protected information or cause a denial of service. The problem arises from the function reading past the end of an input line. **Recommendations** For versions 0.94.13 through 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the `mutt decode uuencoded()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.2 through 1.0.2zc OpenSSL versions 1.1.1 through 1.1.1m OpenSSL versions 3.0.0 through 3.0.1 **Description** The BN mod sqrt() function in OpenSSL contains a bug that can cause it to loop forever for non-prime moduli, leading to a denial of service attack. This issue can be triggered by crafting a certificate with invalid explicit curve parameters. The vulnerability affects various situations, including TLS clients and servers consuming certificates, hosting providers, and certificate authorities parsing certification requests. The issue was addressed in the releases of OpenSSL 1.1.1n and 3.0.2 on March 15, 2022. **Recommendations** For OpenSSL versions 1.0.2 through 1.0.2zc, update to version 1.0.2zd. For OpenSSL versions 1.1.1 through 1.1.1m, update to version 1.1.1n. For OpenSSL versions 3.0.0 through 3.0.1, update to version 3.0.2. As a temporary workaround, consider disabling the `BN mod sqrt()` function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `BN mod sqrt()` function in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** xterm versions through Patch 370 **Description** The issue is related to a buffer overflow in the `set sixel` function within the `graphics sixel.c` component of the xterm terminal emulator. This occurs when Sixel support is enabled and an attacker provides crafted text. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For xterm versions through Patch 370, apply Patch 370 to resolve the issue. As a temporary workaround, consider disabling Sixel support until the patch is applied. Restrict access to the `set sixel` function in the `graphics sixel.c` component to minimize the risk of exploitation. Avoid using crafted text that could trigger the buffer overflow in the affected `set sixel` function.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 91.5 Firefox versions prior to 96 Thunderbird versions prior to 91.5 **Description** The issue is related to the incorrect handling of an empty pkcs7 sequence in certificate data. This could lead to a crash when handling an untrusted certificate, potentially allowing a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted certificate. It is believed that this crash is not exploitable for more severe attacks. **Recommendations** For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Firefox versions prior to 96, update to version 96 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 91.3.0 **Description** The issue is related to a heap overflow when processing S/MIME messages, specifically those containing certificates with DER-encoded DSA or RSA-PSS signatures. **Recommendations** For Thunderbird versions prior to 91.3.0, update to version 91.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Defender (affected versions not specified) **Description** The issue exists due to insufficient input validation in Microsoft Defender, which is part of the Windows operating system. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.4 Safari versions prior to 14.1.1 iOS versions prior to 14.6 iPadOS versions prior to 14.6 **Description** A null pointer dereference issue was addressed with improved input validation, which may allow a remote attacker to cause a denial of service. **Recommendations** For macOS Big Sur versions prior to 11.4, update to macOS Big Sur 11.4 to resolve the issue. For Safari versions prior to 14.1.1, update to Safari 14.1.1 to resolve the issue. For iOS versions prior to 14.6, update to iOS 14.6 to resolve the issue. For iPadOS versions prior to 14.6, update to iPadOS 14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Debian xscreensaver version 5.42+dfsg1-1 **Description** The issue arises from the Debian xscreensaver package having the cap net raw capability enabled for the /usr/libexec/xscreensaver/sonar file. This setting can be exploited by local users to gain privileges, potentially due to incompatibility with the design of the Mesa 3D Graphics library dependency. **Recommendations** For Debian xscreensaver version 5.42+dfsg1-1, consider disabling the cap net raw capability for the /usr/libexec/xscreensaver/sonar file as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.1.1i and below OpenSSL versions 1.0.2x and below **Description** The issue is related to the `X509 issuer and serial hash()` function, which attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to correctly handle any errors that may occur while parsing the issuer field, potentially resulting in a NULL pointer dereference and a crash, leading to a potential denial of service attack. This function is never directly called by OpenSSL itself, so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. Additionally, calls to `EVP CipherUpdate`, `EVP EncryptUpdate`, and `EVP DecryptUpdate` may overflow the output length argument in some cases, causing applications to behave incorrectly or crash. **Recommendations** For OpenSSL versions 1.1.1i and below, upgrade to OpenSSL 1.1.1j. For OpenSSL versions 1.0.2x and below, premium support customers should upgrade to 1.0.2y, while other users should upgrade to 1.1.1j. As a temporary workaround, consider avoiding the use of the `X509 issuer and serial hash()` function on certificates from untrusted sources until a patch is available.

Name of the Vulnerable Software and Affected Versions: xterm versions before Patch #366 Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. This can potentially lead to unspecified other impacts. Recommendations: For xterm versions before Patch #366, apply Patch #366 to resolve the issue. As a temporary workaround, consider restricting the use of crafted UTF-8 combining character sequences until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** GNU Screen versions through 4.8.0 **Description** The issue is related to incorrect handling of UTF-8 character sequences in the encoding.c component of GNU Screen. This can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service, potentially leading to an application crash. **Recommendations** For GNU Screen versions through 4.8.0, update to a version later than 4.8.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.