Posted by Tobias Schneider on Aug 19
Someone should tell Snyk about the risks of “Supply Chain vulnerabilities”
…
(and yes this is a vulnerability, nice find!)
LoL’ing at Maintainer.
Cheers, @haxel0rd.
Posted by Stefan Pietsch on Aug 19
# Trovent Security Advisory 2110-01 #
#####################################
Insecure data storage in Polar Flow Android application
#######################################################
Overview
########
Advisory ID: TRSA-2110-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2110-01
Affected product: Polar Flow Android mobile application (fi.polar.polarflow)
Affected version: 5.7.1
Vendor:…
Posted by Apple Product Security via Fulldisclosure on Aug 19
APPLE-SA-2022-08-18-1 Safari 15.6.1
Safari 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213414.
WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: An out-of-bounds write issue was…
Posted by Apple Product Security via Fulldisclosure on Aug 19
APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1
iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213412.
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with…
Posted by Apple Product Security via Fulldisclosure on Aug 19
APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1
macOS Monterey 12.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213413.
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed…
Posted by Julien Ahrens (RCE Security) on Aug 19
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Incorrect Authorization [CWE-863]
Date found: 2022-07-23
Date published: 2022-08-16
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2022-2536
2. CREDITS…
A Cross Site Scripting (XSS) vulnerability in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
dotnet3.1-3.1.422-1.fc35
This is the August 2022 monthly update for .NET Core 3.1. This updates the .NET Core 3.1 SDK to 3.1.422 and Runtime to 3.1.28.
This update includes a fix for CVE-2022-34716.
dotnet3.1-3.1.422-1.fc36
This is the August 2022 monthly update for .NET Core 3.1. This updates the .NET Core 3.1 SDK to 3.1.422 and Runtime to 3.1.28.
This update includes a fix for CVE-2022-34716.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.