Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile
Category Archives: Advisories
CVE-2021-35109
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile
CVE-2021-35113
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
curl-7.82.0-8.fc36
FEDORA-2022-5131c26a69
Packages in this update:
curl-7.82.0-8.fc36
Update description:
control code in cookie denial of service (CVE-2022-35252)
curl-7.79.1-6.fc35
FEDORA-2022-20e0f8d1cd
Packages in this update:
curl-7.79.1-6.fc35
Update description:
control code in cookie denial of service (CVE-2022-35252)
curl-7.85.0-1.fc37
FEDORA-2022-97e8d1d29c
Packages in this update:
curl-7.85.0-1.fc37
Update description:
new upstream release, which fixes the following vulnerability
CVE-2022-35252 – control code in cookie denial of service
cloudcompare-2.11.3-4.fc37
FEDORA-2022-9cbdf39a5a
Packages in this update:
cloudcompare-2.11.3-4.fc37
Update description:
Security fix for CVE-2021-21897
cloudcompare-2.9.1-16.fc35
FEDORA-2022-9d17930140
Packages in this update:
cloudcompare-2.9.1-16.fc35
Update description:
Security fix for CVE-2021-21897
cloudcompare-2.11.3-4.fc36
FEDORA-2022-8d01b8b6d3
Packages in this update:
cloudcompare-2.11.3-4.fc36
Update description:
Security fix for CVE-2021-21897
Open-Xchange Security Advisory 2022-09-01
Posted by Martin Heiland via Fulldisclosure on Sep 01
Dear subscribers,
we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: MWB-1540
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable…