Information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
Category Archives: Advisories
CVE-2020-14126
Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
Posted by Apple Product Security via Fulldisclosure on Jul 21
macOS Monterey 12.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213345.
APFS
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)…
APPLE-SA-2022-07-20-7 Safari 15.6
Posted by Apple Product Security via Fulldisclosure on Jul 21
Safari 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213341.
Safari Extensions
Available for: macOS Big Sur and macOS Catalina
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: The issue was addressed with improved UI handling.
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National
University
WebKit
Available for: macOS Big…
APPLE-SA-2022-07-20-6 watchOS 8.7
Posted by Apple Product Security via Fulldisclosure on Jul 21
watchOS 8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213340.
APFS
Available for: Apple Watch Series 3 and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available…
APPLE-SA-2022-07-20-5 tvOS 15.6
Posted by Apple Product Security via Fulldisclosure on Jul 21
tvOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213342.
APFS
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir…
APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina
Posted by Apple Product Security via Fulldisclosure on Jul 21
Security Update 2022-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213343.
APFS
Available for: macOS Catalina
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir…
APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8
Posted by Apple Product Security via Fulldisclosure on Jul 21
macOS Big Sur 11.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213344.
APFS
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)…
APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6
Posted by Apple Product Security via Fulldisclosure on Jul 21
iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213346.
APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code…
Open-Xchange Security Advisory 2022-07-21
Posted by Martin Heiland via Fulldisclosure on Jul 21
Dear subscribers,
we’re sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: DOCS-4106
Vulnerability type: OS Command Injection (CWE-78)
Vulnerable…