-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-1-23-1 iOS 11.2.5
iOS 11.2.5 is now available and addresses the following:
Audio
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted audio file may lead to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-1-23-4 tvOS 11.2.5
tvOS 11.2.5 is now available and addresses the following:
Audio
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3
iCloud for Windows 7.3 is now available and addresses the following:
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows
iTunes 12.7.3 for Windows is now available and addresses the
following:
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-1-23-3 watchOS 4.2.2
watchOS 4.2.2 is now available and addresses the following:
Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-1-23-5 Safari 11.0.3
Safari 11.0.3 is now available and addresses the following:
WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.3
Impact: Processing maliciously crafted web content
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3,
Security Update 2018-001 Sierra,
and Security Update 2018-001 El Capitan
macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and
Security Update 2018-001 El Capitan are now available and
DefenseCode ThunderScan SAST Advisory
SugarCRM Community Edition Multiple SQL Injection Vulnerabilities
Advisory ID: DC-2018-01-011
Advisory Title: SugarCRM Community Edition Multiple SQL Injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software:
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 >
===
title: XXE & Reflected XSS
product: Oracle Financial Services Analytical Applications
vulnerable version: 7.3.5.x, 8.0.x