Apple Security Advisory 2020-09-16-5 - Xcode 12.0 is now available and addresses a code execution vulnerability.
0f9f24437ee610dcd0ffba2b554069ca64830d85988a57f139b999368778dc87Apple Security Advisory 2020-09-16-4 - watchOS 7.0 is now available and addresses cross site scripting vulnerabilities.
7f2be0ff36ed50f74ec3888638f8ae775f5077dd53d9d1b8c3925c3c8b82ce89Apple Security Advisory 2020-09-16-3 - Safari 14.0 is now available and addresses code execution, cross site scripting, out of bounds write, and use-after-free vulnerabilities.
cae12a9373b83d218a96163e66f5f4bf1ba87f98cae36acd07e759d548a83cdbApple Security Advisory 2020-09-16-2 - tvOS 14.0 is now available and addresses cross site scripting vulnerabilities.
2c0cfb49a8acf362220ab9093a092bd0c1b1a10fe5bb67752992cccd85dde3e2Ubuntu Security Notice 4519-1 - Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code.
75af37b6c9762703332730a796750331200cb5cb8f6f04b59195da4f428847a8Apple Security Advisory 2020-09-16-1 - iOS 14.0 and iPadOS 14.0 are now available and address code execution, cross site scripting, out of bounds read, and out of bounds write vulnerabilities.
7fd9e27e217c184d9ba4d89012fdbb3e21ae0bc90b9b515446b2e0e9c773363aTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root. NC210 devices cannot be exploited directly via /setsysname.cgi due to proper input validation. NC210 devices are still vulnerable since swBonjourStartHTTP did not perform any validation when reading the alias name from the configuration file. The configuration file can be written, and code execution can be achieved by combining this issue with CVE-2020-12110.
820ebca1a60727c3c7198c5f8d186f030d053aca8aaa88544be3fdcb57017f5eThe Navy Federal site at navyfederal.org suffered from a cross site scripting vulnerability.
9139d239aff0e11b1a88e1a4303fccf0bce34f1d49073a50d2a694b0640107e6Ubuntu Security Notice 4517-1 - It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service.
0d797e79375d73b5524e94ff3a4eb33024ac16847fb2288f1c02bddeeaebcddeMantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability.
c5bd41082422ed338ccc46ee3ad8d43820a3a1cd833484f28da741205e12c069SpamTitan version 7.07 suffers from an authenticated remote code execution vulnerability.
4234f62e0c44c2e3dad423c5cc769129588ffafbed80a16f8610281916cc3da9D-Link DGS-1210-28 suffers from a denial of service vulnerability.
1fcff2e0ab5633d0de2304376d33dafe34f1dc0823f5ddd9d8f8e6eff7f53ab6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed