[FD] VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]

2020-07-17 Thread Cfir Cohen via Fulldisclosure
Overview === We identified several security issues in the ESXi virtual machine monitor (VMM): a use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several OOB reads. All issues have been fixed b

[FD] APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6

2020-07-17 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 iOS 13.6 and iPadOS 13.6 are now available and address the following: Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Proces

[FD] APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra

2020-07-17 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address the follo

[FD] APPLE-SA-2020-07-15-3 tvOS 13.4.8

2020-07-17 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-07-15-3 tvOS 13.4.8 tvOS 13.4.8 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An ou

[FD] APPLE-SA-2020-07-15-4 watchOS 6.2.8

2020-07-17 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-07-15-4 watchOS 6.2.8 watchOS 6.2.8 is now available and addresses the following: Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description

[FD] APPLE-SA-2020-07-15-5 Safari 13.1.2

2020-07-17 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2020-07-15-5 Safari 13.1.2 Safari 13.1.2 is now available and addresses the following: Safari Downloads Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious attacker may be able to change th

[FD] SEC Consult SA-20200717-0 :: Multiple Vulnerabilities in WonderCMS

2020-07-17 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20200717-0 > === title: Multiple Vulnerabilities product: WonderCMS vulnerable version: <=3.1.0 fixed version: - C