APPLE-SA-2022-05-16-8 Xcode 13.4

Posted by Apple Product Security via Fulldisclosure on May 16

Xcode 13.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213261.

Git
Available for: macOS Monterey 12 or later
Impact: On multi-user machines Git users might find themselves
unexpectedly in a Git worktree
Description: A logic issue was addressed with improved state
management.
CVE-2022-24765: 俞晨东

IDE
Available for: macOS Monterey 12…

CVE-2022-24108: OpenCart’s plugin “So Listing Tabs” <= 2.2.0 Deserialization of Untrusted Data

Posted by Denis Mironov on May 16

[-] Affected Versions:

Version 2.2.0 is affected, and prior versions are likely affected too.

[-] Vulnerabilities Description:

The vulnerable component is switching to another tab. To exploit the
vulnerability, an attacker may send a POST request (with
application/x-www-form-urlencoded content-type) to the AJAX endpoint
(usually “/index.php”) with the “is_ajax_listing_tabs” parameter set to
“1” and “setting” parameter…

DSA-5137 needrestart – security update

Jakub Wilk discovered a local privilege escalation in needrestart, a
utility to check which daemons need to be restarted after library
upgrades. Regular expressions to detect the Perl, Python, and Ruby
interpreters are not anchored, allowing a local user to escalate
privileges when needrestart tries to detect if interpreters are using
old source files.
