Debian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.

Debian Linux Security Advisory 4524-1 - Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow spoofing message, manipulation of a user's roster (contact list) and unauthorised sending of message carbons.

Apple Security Advisory 2019-9-26-9 - Safari 13.0.1 addresses user interface spoofing and browser history leakage vulnerabilities.

This is a proof of concept exploit that demonstrates the Microsoft Windows CryptoAPI spoofing vulnerability as described in CVE-2020-0601 and disclosed by the NSA.

Apple Security Advisory 2020-1-28-5 - Safari 13.0.5 is now available and addresses address bar spoofing and password disclosure in transit issues.

Red Hat Security Advisory 2020-1080-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Issues addressed include OpenPGP signature spoofing and certificate errors being ignored.

Red Hat Security Advisory 2020-1600-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2020-1047-01 - The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Issues addressed include crash and out of bounds read vulnerabilities.

Red Hat Security Advisory 2020-1084-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2020-1167-01 - Network Block Device is a protocol for accessing hard disks and other disk-like devices over the network. The nbdkit toolkit utilizes NBD to create servers with minimal dependencies. The package contains plug-in support for the C and Python programming languages. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-1081-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. Issues addressed include denial of service and null pointer vulnerabilities.

Red Hat Security Advisory 2020-1045-01 - LFTP is a file transfer utility for File Transfer Protocol, Secure File Transfer Protocol, Hypertext Transfer Protocol, and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multiple files at the same time.

Gentoo Linux Security Advisory 202004-6 - A regression in GnuTLS breaks the security guarantees of the DTLS protocol. Versions less than 3.6.13 are affected.

Red Hat Security Advisory 2020-1318-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1335-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1334-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1342-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2020-1445-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.3 serves as a replacement for Red Hat AMQ Broker 7.4.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

Red Hat Security Advisory 2020-1470-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

Red Hat Security Advisory 2020-1840-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2020-1878-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2020-1845-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2020-1998-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. An issue was addressed where the DTLS client hello contains a random value of all zeroes.

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Delta Industrial Automation DCISoft version 1.12.09 suffers from a stack buffer overflow vulnerability.

Zero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.

Secunia Security Advisory - A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device.

Secunia Security Advisory - Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device.

IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.