Memory corruption

A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious...

CVE-2019-8780

The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout...

CVE-2020-9902

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout...

Memory corruption

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout...

CVE-2020-9853

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout...

CVE-2020-9902

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout...

CVE-2020-9902

CVE-2020-9902 is an out-of-bounds read vulnerability in Apple’s kernel component that could allow a malicious app to determine the kernel memory layout. The issue is fixed in iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, and watchOS 6.2.8. Connected Apple advisories cite kernel memo...

Vulnerability fixed in F5 BIG-IP

A vulnerability has been fixed in BIG-IP. The vulnerability allows a remote malicious party to enable kernel address space layout randomization KASLR. This gives the attacker access to system data. F5 has released updates to fix the vulnerability. More information can be found on the page below:...

Measuring & Improving Core Web Vitals

Google recently announced a proposed update to its search ranking algorithm: the Page Experience Update. This change, which launches in 2021, includes more performance signals in the ranking algorithm. A subtle but important feature of the update is that AMP will no longer be a requirement for...

CVE-2020-2295

A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...

PT-2020-15524 · Jenkins · Jenkins Maven Cascade Release Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Cascade Release Plugin versions 1.3.2 and earlier Description: The issue concerns a lack of permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds,...

On the x86-64 architecture the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

...

About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVE-2020-3679

u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

RUSTSEC-2020-0038 Memory safety issues in `compact::Vec`

compact::Vec contains multiple memory safety issues. 1. It mishandles large capacity and causes out-of-bound access in 32-bit / allocator layout mismatch in 64-bit. 2. remove is not panic-safe and causes double-free when an index larger than the length is provided...

Memory safety issues in `compact::Vec`

compact::Vec contains multiple memory safety issues. 1. It mishandles large capacity and causes out-of-bound access in 32-bit / allocator layout mismatch in 64-bit. 2. remove is not panic-safe and causes double-free when an index larger than the length is provided...

February 25, 2020—KB4537818 (OS Build 17763.1075)

February 25, 2020—KB4537818 OS Build 17763.1075 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates an issue that prevents the speech application from opening for severa...

Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome WebGL could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a use-after-free vulnerability in its WebGL component that could allow a user to execute arbitrary code in the context of the browser process. This vulnerability specifically...

CVE-2020-1578

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...