A heap-based buffer over write vulnerability was found in GhostScript’s lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Category Archives: Advisories
CVE-2020-27793
An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.
CVE-2020-27794
A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.
CVE-2020-27795 (radare2)
A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command “adf” has no or wrong argument, anal_fcn_data (core, input + 1) –> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).
Re: typeorm CVE-2022-33171
Posted by Tobias Schneider on Aug 19
Someone should tell Snyk about the risks of “Supply Chain vulnerabilities”
…
(and yes this is a vulnerability, nice find!)
LoL’ing at Maintainer.
Cheers, @haxel0rd.
Trovent Security Advisory 2110-01 / Insecure data storage in Polar Flow Android application
Posted by Stefan Pietsch on Aug 19
# Trovent Security Advisory 2110-01 #
#####################################
Insecure data storage in Polar Flow Android application
#######################################################
Overview
########
Advisory ID: TRSA-2110-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2110-01
Affected product: Polar Flow Android mobile application (fi.polar.polarflow)
Affected version: 5.7.1
Vendor:…
APPLE-SA-2022-08-18-1 Safari 15.6.1
Posted by Apple Product Security via Fulldisclosure on Aug 19
APPLE-SA-2022-08-18-1 Safari 15.6.1
Safari 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213414.
WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: An out-of-bounds write issue was…
APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1
Posted by Apple Product Security via Fulldisclosure on Aug 19
APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1
iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213412.
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with…
APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1
Posted by Apple Product Security via Fulldisclosure on Aug 19
APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1
macOS Monterey 12.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213413.
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed…
[CVE-2022-2536] Transposh <= 1.0.8.1 “tp_translation” Authorization Bypass
Posted by Julien Ahrens (RCE Security) on Aug 19
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Incorrect Authorization [CWE-863]
Date found: 2022-07-23
Date published: 2022-08-16
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2022-2536
2. CREDITS…