Symantec Endpoint Protection versions 14.2.5323.2000, 14.2.5569.2100, and 14.2.5587.2100 suffer from a race condition vulnerability.

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10.

Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.

Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019.

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1942-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

Debian Linux Security Advisory 4584-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.

Red Hat Security Advisory 2020-1616-01 - Irssi is a modular IRC client with Perl scripting. Issues addressed include a use-after-free vulnerability.

School ERP System version 1.0 suffers from a cross site request forgery vulnerability.

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

Online Job Portal version 1.0 suffers from a cross site request forgery vulnerability.

SOPlanning version 1.45 suffers from a cross site request forgery vulnerability.

Ice HRM version 26.2.0 suffers from a cross site request forgery vulnerability.

Easy2Pilot version 7 suffers from a cross site request forgery vulnerability.

CandidATS version 2.1.0 suffers from a cross site request forgery vulnerability.

Easy2Pilot version 8 suffers from remote SQL injection, backdoor account, and cross site request forgery vulnerabilities.

Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.

WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.

Wing FTP Server version 2.3 suffers from a cross site request forgery vulnerability.

HRSALE version 1.1.8 suffers from a cross site request forgery vulnerability.

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.

Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.

ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.

Red Hat Security Advisory 2020-1050-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a cross site request forgery vulnerability.

P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.

QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities.