
8710 matches found

NVD
added 2020/04/08 8:15 p.m., 8 views

CVE-2020-1617

This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface AFI / Advanced Forwarding Toolkit AFT. Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper...

CVSS 7.8, AI score 7.5, EPSS 0.0066
Exploits: 0, References: 3

OSV
added 2020/04/08 8:15 p.m., 1 view

CVE-2020-1617

This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface AFI / Advanced Forwarding Toolkit AFT. Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper...

CVSS 7.5, AI score 7.1, EPSS 0.0066
Exploits: 0, References: 3

CVE
added 2020/04/08 7:25 p.m., 71 views

CVE-2020-1617

CVE-2020-1617 affects Junos OS on non-AFI/AFT platforms. An improper memory initialization in the packet forwarding architecture can be triggered when a genuine packet is inspected by sFlow through a specific firewall policer, causing a reboot and, after reboot, a core file and another reboot on ...

CVSS 7.8, AI score 7.5, EPSS 0.0066
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2020/04/07 12:0 a.m., 45 views

RHEL 7 : python (RHSA-2020:1346)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1346 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.1, AI score 6.8, EPSS 0.0991
Exploits: 4, References: 15

RedHat Linux
added 2020/04/06 7:9 p.m., 1 view

openssl: information disclosure in fork()

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

CVSS 5.3, AI score 6.7, EPSS 0.02629
Exploits: 0, References: 4

RedhatCVE
added 2020/04/04 5:33 a.m., 27 views

CVE-2019-12380

A flaw was found in the Linux kernel's implementation of UEFI. An attacker who can influence early-boot memory initialization could possibly influence firmware initialization and memory allocations, resulting in a panic of a guest or target system during early boot of that same system...

CVSS 6.2, AI score 2.6, EPSS 0.00043
Exploits: 0, References: 3

OSV
added 2020/04/01 6:15 p.m., 1 view

CVE-2020-3919

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges...

CVSS 7.8, AI score 7.3
Exploits: 0, References: 4

OSV
added 2020/04/01 6:15 p.m., 1 view

CVE-2020-3914

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory...

CVSS 5.5, AI score 6, EPSS 0.003
Exploits: 0, References: 4

Cvelist
added 2020/04/01 5:54 p.m., 16 views

CVE-2020-3919

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges...

AI score 7.9, EPSS 0.00266
Exploits: 0, References: 4

CVE
added 2020/04/01 5:54 p.m., 92 views

CVE-2020-3919

CVE-2020-3919 corresponds to a memory initialization issue in Apple IOHIDFamily that could allow a malicious application to execute arbitrary code with kernel privileges. Concrete details in connected documents show the vulnerability affecting Apple platforms and components across multiple OS lin...

CVSS 9.3, AI score 7.6, EPSS 0.00266
Exploits: 0, References: 4, Affected Software: 5

CVE
added 2020/04/01 5:54 p.m., 67 views

CVE-2020-3914

CVE-2020-3914 describes a memory initialization issue that may allow an application to read restricted memory. Apple patches fix this in iOS 13.4, iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and watchOS 6.2, via improved memory handling. The linked Apple advisories corroborate the vulnerabili...

CVSS 5.5, AI score 5.4, EPSS 0.003
Exploits: 0, References: 4, Affected Software: 5

RedHat Linux
added 2020/04/01 9:57 a.m., 3 views

usrsctp: Out of bounds reads in sctp_load_addresses_from_init()

The Mozilla Foundation Security Advisory describes this flaw as: The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a...

CVSS 6.5, AI score 7.3, EPSS 0.02474
Exploits: 1, References: 5

RedHat Linux
added 2020/04/01 8:39 a.m., 91 views

Moderate: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 9.1, AI score 6.8, EPSS 0.0991
Exploits: 4, References: 7

RedHat Linux
added 2020/03/31 7:59 p.m., 0 views

nbdkit: denial of service due to premature opening of back-end connection

A denial of service vulnerability was discovered in nbdkit. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and...

CVSS 3.7, AI score 5.8, EPSS 0.00299
Exploits: 1, References: 5

CNVD
added 2020/03/26 12:0 a.m., 2 views

Memory Initialization Vulnerability in Kernel Component of Multiple Apple Products (CNVD-2020-22119)

Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. Kernel is one of the kernel components. A security vulnerability exists in the Kernel component of several Apple products. An attacker could...

CVSS 5.5, AI score 6.2, EPSS 0.003
Exploits: 0, References: 1

RedHat Linux
added 2020/03/23 1:53 p.m., 1 view

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

CVSS 7, AI score 7.1, EPSS 0.00191
Exploits: 0, References: 4

NVD
added 2020/03/20 7:15 p.m., 13 views

CVE-2020-8882

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 8.1, EPSS 0.01469
Exploits: 0, References: 2

OSV
added 2020/03/20 7:15 p.m., 0 views

CVE-2020-8882

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 6.2
Exploits: 0, References: 2

Prion
added 2020/03/20 7:15 p.m., 13 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8, AI score 8.8, EPSS 0.01469
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/03/17 7:12 p.m., 1 view

USN-4306-1 dino-im vulnerabilities

It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in addition to 16 byte IVs...

CVSS 7.5, AI score 7.1, EPSS 0.00814
Exploits: 2, References: 5