Ubuntu Security Notice 5085-1 - It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2021-3638-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, out of bounds read, path sanitization, and use-after-free vulnerabilities.

Apple Security Advisory 2021-09-20-10 - iTunes 12.12 for Windows addresses code execution vulnerabilities.

Ubuntu Security Notice 5086-1 - Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

OpenCats version 0.9.4-2 suffers from an XML external entity injection vulnerability.

Apple Security Advisory 2021-09-20-9 - iTunes U 3.8.3 addresses a code execution vulnerability.

E-Negosyo System version 1.0 suffers from a remote shell upload vulnerability.

E-Negosyo System version 1.0 suffers from a remote time-based blind SQL injection vulnerability.

Apple Security Advisory 2021-09-20-8 - Security Update 2021-005 Catalina addresses buffer overflow, bypass, code execution, denial of service, integer overflow, and out of bounds read vulnerabilities.

e107 CMS version 2.3.0 authenticated remote shell upload exploit.

Ubuntu Security Notice 5073-3 - Norbert Slusarek discovered that the CAN broadcast manger protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information. Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code on systems with a joystick device registered. Various other issues were also addressed.

Apple Security Advisory 2021-09-20-7 - macOS Big Sur 11.6 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, and use-after-free vulnerabilities.

Online Reviewer System version 1.0 suffers from a remote shell upload vulnerability.

Red Hat Security Advisory 2021-3639-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, out of bounds read, path sanitization, and use-after-free vulnerabilities.

South Gate Inn Online Reservation System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.

Apple Security Advisory 2021-09-20-6 - iOS 14.8 and iPadOS 14.8 addresses code execution, denial of service, integer overflow, and use-after-free vulnerabilities.

Apple Security Advisory 2021-09-20-5 - Safari 15 addresses code execution vulnerabilities.

Apple Security Advisory 2021-09-20-4 - Xcode 13 addresses multiple issues in nginx.

Sentry version 8.2.0 suffers from a remote code execution vulnerability.

Filerun version 2021.03.26 authenticated remote code execution exploit.

Ubuntu Security Notice 5071-3 - It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code on systems with a joystick device registered. Various other issues were also addressed.

Apple Security Advisory 2021-09-20-3 - tvOS 15 addresses code execution and denial of service vulnerabilities.

TotalAV version 5.15.69 suffers from an unquoted service path vulnerability.

Apple Security Advisory 2021-09-20-2 - watchOS 8 addresses code execution and denial of service vulnerabilities.