-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-3 tvOS 13.2
tvOS 13.2 is now available and addresses the following:
Accounts
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-11 Additional information
for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1
iOS 13.1 and iPadOS 13.1 address the following:
AppleFirmwareUpdateKext
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update
2019-001 Mojave, Security Update 2019-006 High Sierra
macOS Catalina 10.15.1, Security Update 2019-001 Mojave,
Security Update 2019-006 High Sierra are now available and address
the follo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-10 Additional information
for APPLE-SA-2019-10-07-1 macOS Catalina 10.15
macOS Catalina 10.15 addresses the following:
AMD
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-4 watchOS 6.1
watchOS 6.1 is now available and addresses the following:
Accounts
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-8 Additional information
for APPLE-SA-2019-9-26-5 watchOS 6
watchOS 6 addresses the following:
Audio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code ex
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-6 Additional information
for APPLE-SA-2019-9-26-3 iOS 13
iOS 13 addresses the following:
Bluetooth
Available for: iPhone 6s and later
Impact: Notification previews may show on Bluetooth accessories even
when previews are disable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-9 Additional information
for APPLE-SA-2019-9-26-6 tvOS 13
tvOS 13 addresses the following:
AppleFirmwareUpdateKext
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kern
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-5 Safari 13.0.3
Safari 13.0.3 is now available and addresses the following:
WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6,
and included in macOS Catalina 10.15.1
Impact: Processing maliciously crafted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2
iOS 13.2 and iPadOS 13.2 are now available and address the following:
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-10-29-7 Additional information
for APPLE-SA-2019-9-26-4 Safari 13
Safari 13 addresses the following:
WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead
__ _ _ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\\___/|_| \_|
SEC Consult Vulnerability Lab Security Advisory < 20191029-0 >
===
title: Authentication Bypass
product: eIDAS-Node
vulnerable version: <=v2.3 (v2.1 vulnerability #2)
fixed version: v2.3.1
Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC
As part of it's features, the Carel pCOWeb card exposes a Modbus
interface to the network. By design, Modbus does not provide
authentication, allowing to control the affected system.
Details
===
Product: HVAC units us
Advisory: Unsafe Storage of Credentials in Carel pCOWeb HVAC
The Carel pCOWeb card stores password hashes in the file "/etc/passwd",
allowing privilege escalation by authenticated users. Additionally,
plaintext copies of the passwords are stored.
Details
===
Product: HVAC units using the OE
15 matches
Mail list logo