William Bowling

**Name of the Vulnerable Software and Affected Versions** SerenityOS (affected versions not specified) **Description** A critical issue has been found in SerenityOS, affecting the function `initialize typed array from array buffer` in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. This issue leads to integer overflow. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, it is recommended to apply a patch, specifically the one identified as f6c6047e49f1517778f5565681fb64750b14bf60. As a temporary workaround, consider disabling the `initialize typed array from array buffer` function until the patch is applied.

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.9.0 Description: A stored cross-site scripting vulnerability affects TinyMCE, allowing an unauthenticated and remote attacker to insert crafted HTML into the editor. This results in arbitrary JavaScript execution in another user's browser. The vulnerability is due to a flaw in the schema validation logic of the core parser, which can be exploited when inserting specially crafted content into the editor using the clipboard or editor APIs. Recommendations: To resolve the issue, upgrade to TinyMCE 5.9.0 or higher. Alternatively, manually sanitize the content using the `BeforeSetContent` event. For example, use the following code to sanitize content: ```js editor.on('BeforeSetContent', function(e) { var sanitizedContent = ...; // Manually sanitize content here e.content = sanitizedContent; }); ```

**Name of the Vulnerable Software and Affected Versions** ExifTool versions 7.44 and up **Description** The issue is related to improper neutralization of user data in the DjVu file format, allowing arbitrary code execution when parsing malicious images. This could enable a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability was exploited in real-world incidents, including a case where researchers found that VirusTotal could be used to gain remote code execution on certain sandbox machines due to the use of an outdated version of ExifTool. The vulnerability is considered high-risk, with a CVSS score of 7.8. **Recommendations** For ExifTool versions 7.44 and up, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the processing of DjVu files until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the DjVu file format in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 2.22 GitHub Enterprise Server version 2.21.6 GitHub Enterprise Server version 2.20.15 GitHub Enterprise Server version 2.19.21 **Description** An improper access control issue was identified in GitHub Enterprise Server, allowing authenticated users to determine the names of unauthorized private repositories given their numerical IDs. This issue did not allow unauthorized access to any repository content besides the name. The issue was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions prior to 2.22, update to version 2.22 or later to resolve the issue. For GitHub Enterprise Server version 2.21.6, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 2.20.15, no additional action is required as this version already contains the fix. For GitHub Enterprise Server version 2.19.21, no additional action is required as this version already contains the fix.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 2.22 **Description** A remote code execution issue was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. The user-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted, making it possible to execute commands on the GitHub Enterprise Server instance. To exploit this issue, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. **Recommendations** For versions prior to 2.22, update to version 2.21.6, 2.20.15, or 2.19.21 to resolve the issue. As a temporary workaround, consider restricting the ability to create and build GitHub Pages sites on the GitHub Enterprise Server instance until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Ceph Object Gateway (affected versions not specified) **Description** The issue is related to the Ceph Object Gateway, which supports requests from anonymous users in Amazon S3. This could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. The flaw may allow a remote attacker to impact data integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 13.3 Apple iPadOS versions prior to 13.3 Apple tvOS versions prior to 13.3 Apple watchOS versions prior to 6.1.1 Apple Safari versions prior to 13.0.4 Apple iTunes for Windows versions prior to 12.10.3 Apple iCloud for Windows versions prior to 10.9 **Description** Multiple memory corruption issues were addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For Apple iOS versions prior to 13.3, update to iOS 13.3 or later. For Apple iPadOS versions prior to 13.3, update to iPadOS 13.3 or later. For Apple tvOS versions prior to 13.3, update to tvOS 13.3 or later. For Apple watchOS versions prior to 6.1.1, update to watchOS 6.1.1 or later. For Apple Safari versions prior to 13.0.4, update to Safari 13.0.4 or later. For Apple iTunes for Windows versions prior to 12.10.3, update to iTunes 12.10.3 or later. For Apple iCloud for Windows versions prior to 10.9, update to iCloud for Windows 10.9 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12 tvOS versions prior to 12 Safari versions prior to 12 iTunes versions prior to 12.9 for Windows iCloud for Windows versions prior to 7.7 Description: Multiple memory corruption issues were addressed with improved memory handling. Recommendations: For iOS versions prior to 12, update to iOS 12 or later. For tvOS versions prior to 12, update to tvOS 12 or later. For Safari versions prior to 12, update to Safari 12 or later. For iTunes versions prior to 12.9 for Windows, update to iTunes 12.9 or later for Windows. For iCloud for Windows versions prior to 7.7, update to iCloud for Windows 7.7 or later.

**Name of the Vulnerable Software and Affected Versions** QEMU versions 3.0.0 **Description** The issue is related to the tcp emu component in the QEMU hardware emulator, specifically in the slirp/tcp subr.c file. It involves the incorrect initialization of data in snprintf calls. Exploitation of this issue may allow an attacker to disclose protected information. **Recommendations** For QEMU version 3.0.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sudo versions prior to 1.8.31 **Description** The issue is related to a stack-based buffer overflow in the privileged sudo process when the pwfeedback option is enabled in /etc/sudoers. This option is not enabled by default but is active in some distributions like Linux Mint and Elementary OS. An attacker can trigger the buffer overflow by delivering a long string to the stdin of getln() in tgetpass.c. This can potentially allow a low-privileged user to execute arbitrary commands with root privileges. **Recommendations** To resolve the issue, update to Sudo version 1.8.31 or later. As a temporary workaround, consider disabling the pwfeedback option in /etc/sudoers to minimize the risk of exploitation.