IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
Category Archives: Advisories
USN-5328-1: OpenSSL vulnerability
Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
USN-5327-1: rsh vulnerability
Hiroyuki Yamamori discovered that rsh incorrectly handled certain
filenames. If a user or automated system were tricked into connecting to a
malicious rsh server, a remote attacker could possibly use this issue to
modify directory permissions.
Post Title
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
GarageBand is an audio tool
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
Logic Pro X is a digital audio workstation
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
macOS Catalina is the 16th major release of macOS
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Xcode is Apple’s integrated development environment for macOS
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
cabal-rpm-2.0.11-1.fc34
FEDORA-2022-78559f99a9
Packages in this update:
cabal-rpm-2.0.11-1.fc34
Update description:
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir
cabal-rpm-2.0.11-1.fc35
FEDORA-2022-429861c39a
Packages in this update:
cabal-rpm-2.0.11-1.fc35
Update description:
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213183.
Accelerate Framework
Available for: macOS Monterey
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
APPLE-SA-2022-03-14-2 watchOS 8.5
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-2 watchOS 8.5
watchOS 8.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213193.
Accelerate Framework
Available for: Apple Watch Series 3 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
iOS 15.4 and iPadOS 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213182.
Accelerate Framework
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to…
APPLE-SA-2022-03-14-3 tvOS 15.4
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-3 tvOS 15.4
tvOS 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213186.
AppleAVD
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
AVEVideoEncoder…