Ubuntu Security Notice 4615-1 – It was discovered that Yerase’s TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service.
Joomla JomSocial component version 4.7.6 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 4613-1 – Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 4616-1 – Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting…
Ubuntu Security Notice 4614-1 – Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user.
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.