Ubuntu Security Notice 4149-1 - It was discovered that Unbound incorrectly handled certain NOTIFY queries. An attacker could possibly use this issue to cause a denial of service.
09f9cfa7dc31d778dac5daeb0e108477ccc6f66da492e0fa755ac7426b253bff
Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross-site scripting vulnerabilities.
6a7c2c77310c062987794cea58581f0c9165cca74089949df34cf416dec8d5f3
Red Hat Security Advisory 2019-2975-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Bluetooth BR/EDR encryption key negotiation attacks were addressed.
1235e2a7acc93c54c6e8db8b58a106abc75a8ae1dc21d4324a6241be5409b8a8
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
a0a425e6034950938c3346c539d51d80f5788cfa95f5584b394adeb591a11843
This Metasploit module exploits an unauthenticated HTTP POST SEH-based buffer overflow in File Sharing Wizard version 1.5.0.
5ba4934d2c6e2bc26de53ab037769cf889d219ee535dd367281aadff1d2fbd42
WebKit suffers from a same-origin policy bypass vulnerability in FrameLoader::clear.
334e5b8a59befbfda5f832467d0a3088d6e29ced2e3ce411870872bfc402e694
Red Hat Security Advisory 2019-2980-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
58df67f1d3c3ee439003b39d0be2e9a506c36b86b91c62d74ef9b923ae08852e
Apple Security Advisory 2019-10-07-3 - iCloud for Windows 10.7 is now available and addresses buffer overflow, code execution, and cross-site scripting vulnerabilities.
8c0721b6cd1c6850d630ec21a0194e061a081691eea98bf32c61367f52fd48bf
Red Hat Security Advisory 2019-2978-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. An auth hijacking issue has been addressed.
1d5c2956e676d04d3d4761fe7164c641c826acf901393e347da3b6e20abcacc2
Apple Security Advisory 2019-10-07-2 - iTunes for Windows 12.10.1 is now available and addresses buffer overflow, code execution, and cross-site scripting vulnerabilities.
a50da9c93476e1a8416f8f9d096bf883c915df1249be2b70c1f3089b95de093c
Apple Security Advisory 2019-10-07-1 - macOS Catalina 10.15 is now available and addresses buffer overflow and code execution vulnerabilities.
46470c1654beb5b432d7623a4594d9db95d356ab30101f33d237b0df88fee0e2
Red Hat Security Advisory 2019-2977-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A rate limiting issue has been addressed.
aac9f1dcb750c44cf956e00d95ceaecf229abcc3ebbfa69652b51810f094faea
Red Hat Security Advisory 2019-2979-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include a buffer overflow vulnerability.
ee14858e70273310573a5f5f583f6115b32aceeda2695a50f06c4004a70b4dd7
Debian Linux Security Advisory 4539-2 - A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection attempts if running on an old kernel. This does not affect Linux kernels shipped in Debian oldstable/stable, but may affect buster systems which are running on an older kernel.
2dc4b343e14b048c22bf6f31d15affc87eaa865439230298cca23ab22853f39f
Socomec DIRIS A-40 devices versions before 48250501 allow a remote attacker to get full access to a device via the /password.jsn URI.
16ab97af55d3fc1d27cd7abf2ca1d9e0663134c0198f09bc5fae39859c8f4710
OmniCenter version 12.1.1 suffers from a remote SQL injection vulnerability.
0b296d76f9a2e6eabb70ad9f4d5da4a6eda48b86f7e00c06f3ba1943626660c8
In libyal libfwsi versions prior to 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported.
46e852d4c7c1971b5e6984b6483409bbb11e258031a5a6fb7803147f5c7a344d
RENPHO version 3.0.0 fails to encrypt data in transit, which can disclose sensitive information and allow man-in-the-middle attacks.
6a1c6c82f8f2d77c4029355706b177fb2a7b01fa5d30d65cf34b17238f45c6f0
20-byte Linux/ARM fork bomb shellcode.
817fbcb25dabcab53e270fd807a2b136612d260c448219c344e92fa102bc3944