Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-5 tvOS 15.6

tvOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213342.

APFS
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir…

Read More

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina

Security Update 2022-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213343.

APFS
Available for: macOS Catalina
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir…

Read More

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

macOS Big Sur 11.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213344.

APFS
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)…

Read More

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213346.

APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code…

Read More

Posted by Martin Heiland via Fulldisclosure on Jul 21

Dear subscribers,

we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: DOCS-4106
Vulnerability type: OS Command Injection (CWE-78)
Vulnerable…

Read More

Posted by malvuln on Jul 21

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Eclipse.h
Vulnerability: Weak Hardcoded Credentials
Family: Eclipse
Type: PE32
MD5: 8b470931114527b4dce42034a95ebf46
Vuln ID: MVID-2022-0625
Disclosure: 07/21/2022
Description: The malware listens on TCP port 6210 and…

Read More

FEDORA-2022-4b5537c44c

Packages in this update:

golang-github-distribution-3-2.8.0~beta.1-3.20220203gitb609265.fc36
golang-github-facebook-time-0-0.9.20220615git8413c32.fc36
golang-github-hpcloud-tail-1.0.0-11.20190325gita1dbeea.fc36
golang-github-stomp-3-3.0.2-4.fc36
onionscan-0.2-12.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

Read More

Two cross-site scripting vulnerabilities were discovered in the Django
Rest Framework, a toolkit to build web APIs.

Read More

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in the execution of arbitrary Java bytecode or the
bypass of the Java sandbox.

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More