This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20
SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution – CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20
Hi,
earlier this year in February 2022, we published a technical security advisory –
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ – on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.
Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-9 Safari 16.2
Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-8 watchOS 9.2
watchOS 9.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213536.
Accounts
Available for: Apple Watch Series 4 and later
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)
AppleAVD
Available for: Apple Watch Series 4 and…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-7 tvOS 16.2
tvOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213535.
Accounts
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),
and Apple TV HD
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)
AppleAVD…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
macOS Big Sur 11.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213534.
BOM
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2022-42821: Jonathan Bar Or of Microsoft
DriverKit
Available for: macOS Big Sur
Impact: An app may be able to…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
macOS Monterey 12.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213533.
Bluetooth
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
BOM…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-4 macOS Ventura 13.1
macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.
Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)
AMD
Available for: macOS Ventura
Impact: An app may…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-3 iOS 16.1.2
iOS 16.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213516.
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
Description: A type…
