Posted by Stefan Pietsch on Aug 19

# Trovent Security Advisory 2110-01 #
#####################################

Insecure data storage in Polar Flow Android application
#######################################################

Overview
########

Advisory ID: TRSA-2110-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2110-01
Affected product: Polar Flow Android mobile application (fi.polar.polarflow)
Affected version: 5.7.1
Vendor:…

Read More

Posted by Apple Product Security via Fulldisclosure on Aug 19

APPLE-SA-2022-08-18-1 Safari 15.6.1

Safari 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213414.

WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: An out-of-bounds write issue was…

Read More

Posted by Apple Product Security via Fulldisclosure on Aug 19

APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1

iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213412.

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with…

Read More

Posted by Apple Product Security via Fulldisclosure on Aug 19

APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1

macOS Monterey 12.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213413.

Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed…

Read More

Posted by Julien Ahrens (RCE Security) on Aug 19

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Incorrect Authorization [CWE-863]
Date found: 2022-07-23
Date published: 2022-08-16
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2022-2536

2. CREDITS…

Read More

Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.

Read More

FEDORA-2022-c358d6206b

Packages in this update:

dotnet3.1-3.1.422-1.fc35

Update description:

This is the August 2022 monthly update for .NET Core 3.1. This updates the .NET Core 3.1 SDK to 3.1.422 and Runtime to 3.1.28.

This update includes a fix for CVE 2022-34716.

Read More

FEDORA-2022-21f203cd70

Packages in this update:

dotnet3.1-3.1.422-1.fc36

Update description:

This is the August 2022 monthly update for .NET Core 3.1. This updates the .NET Core 3.1 SDK to 3.1.422 and Runtime to 3.1.28.

This update includes a fix for CVE 2022-34716.

Read More

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

Read More

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

Read More