Source
Packet Storm
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.
Apple Security Advisory 2022-10-27-12 - watchOS 9.1 addresses code execution, out of bounds write, and spoofing vulnerabilities.
Debian Linux Security Advisory 5264-1 - It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file.
Red Hat Security Advisory 2022-7257-01 - A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images. Details are linked in the References section.
Gentoo Linux Security Advisory 202210-28 - A vulnerability has been discovered in exif which could result in denial of service. Versions less than 0.6.22 are affected.
Gentoo Linux Security Advisory 202210-27 - A vulnerability has been discovered in open-vm-tools which could allow for local privilege escalation. Versions less than 12.1.0 are affected.
Red Hat Security Advisory 2022-7191-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross-platform package.
Ubuntu Security Notice 5705-1 - Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. It was discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service.