Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213346.

APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code…

Read More

Posted by Martin Heiland via Fulldisclosure on Jul 21

Dear subscribers,

we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: DOCS-4106
Vulnerability type: OS Command Injection (CWE-78)
Vulnerable…

Read More

Posted by malvuln on Jul 21

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Eclipse.h
Vulnerability: Weak Hardcoded Credentials
Family: Eclipse
Type: PE32
MD5: 8b470931114527b4dce42034a95ebf46
Vuln ID: MVID-2022-0625
Disclosure: 07/21/2022
Description: The malware listens on TCP port 6210 and…

Read More

FEDORA-2022-4b5537c44c

Packages in this update:

golang-github-distribution-3-2.8.0~beta.1-3.20220203gitb609265.fc36
golang-github-facebook-time-0-0.9.20220615git8413c32.fc36
golang-github-hpcloud-tail-1.0.0-11.20190325gita1dbeea.fc36
golang-github-stomp-3-3.0.2-4.fc36
onionscan-0.2-12.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

Read More

Two cross-site scripting vulnerabilities were discovered in the Django
Rest Framework, a toolkit to build web APIs.

Read More

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in the execution of arbitrary Java bytecode or the
bypass of the Java sandbox.

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Catalina is the 16th major release of macOS
macOS Big Sur is the 17th release of macOS.
macOS Monterey is the 18th and current major release of macOS.
Safari is a graphical web browser developed by Apple.
tvOS is an operating system for fourth-generation Apple TV digital media player.
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

FEDORA-2022-ce08b1c643

Packages in this update:

mingw-poppler-22.01.0-6.fc36

Update description:

Backport fix for CVE-2022-27337.

Read More

FEDORA-2022-964883b2a5

Packages in this update:

giflib-5.2.1-14.fc36

Update description:

Apply proposed patch for CVE-2022-28506.

Read More