Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

iOS 15.7 and iPadOS 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213445.

Contacts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description:…

Read More

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.

Additional CVE entries to be added soon.

Contacts
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Kernel
Available…

Read More

Posted by Moritz Bechler on Sep 12

Advisory ID: SYSS-2022-041
Product: JasperReports Server
Manufacturer: TIBCO Software Inc.
Tested Version(s): 8.0.2 Community Edition
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2022-06-10
Solution Date: 2022-08-10
Public Disclosure: 2022-09-09
CVE Reference:…

Read More

Posted by Daniel Wood via Fulldisclosure on Sep 12

The Unqork Security team discovered multiple security vulnerabilities in
the Qualys Cloud Agent, to include arbitrary code execution.

CVE-2022-29549 (Arbitrary Code Execution)
https://nvd.nist.gov/vuln/detail/CVE-2022-29549

CVE-2022-29550 (Sensitive Information Disclosure)
https://nvd.nist.gov/vuln/detail/CVE-2022-29550

Read more:
https://www.unqork.com/resources/unqork-and-qualys-partner-to-resolve-zero-day-vulnerabilities…

Read More

FEDORA-2022-9b67d67195

Packages in this update:

libconfuse-3.3-7.fc35

Update description:

Patch for CVE-2022-40320

Read More

FEDORA-EPEL-2022-30932b0236

Packages in this update:

libconfuse-3.3-7.el9

Update description:

Patch for CVE-2022-40320

Read More

FEDORA-EPEL-2022-cd091ab1b1

Packages in this update:

libconfuse-3.3-7.el8

Update description:

Patch for CVE-2022-40320

Read More

FEDORA-2022-645dc53ee2

Packages in this update:

libconfuse-3.3-7.fc37

Update description:

Patch for CVE-2022-40320

Read More

FEDORA-2022-de992c68d0

Packages in this update:

libconfuse-3.3-7.fc36

Update description:

Patch for CVE-2022-40320

Read More

FEDORA-EPEL-2022-0d0a29e337

Packages in this update:

rubygem-rack-2.2.4-1.el9

Update description:

Update to Rack 2.2.4

Read More