CVE-2020-9779

CVE-2020-9779 is an out-of-bounds read vulnerability in macOS components fixed in macOS Catalina 10.15.4. The issue could allow a local user to terminate a sandboxed process or read kernel memory. Public sources (NVD) describe the flaw as addressed by input validation improvements and patching in...

CVE-2020-9779

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory...

USN-4591-1 linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...

Microsoft Windows Uninitialized Variable Local Privilege Elevation

This module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitalized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing this...

CVE-2020-9964

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory...

CVE-2020-9958

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory...

CVE-2020-9964

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory...

CVE-2020-9909

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations...

Input validation

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory...

Design/Logic Flaw

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory...

CVE-2020-9964

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory...

CVE-2020-9964

CVE-2020-9964 describes a memory initialization issue in iOS/iPadOS that could allow a local user to read kernel memory. Apple attributes the fix to iOS 14.0 and iPadOS 14.0 with improved memory handling. Connected sources corroborate the vulnerability as an Apple memory initialization/out-of-bou...

CVE-2020-9958

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory...

CVE-2020-9958

CVE-2020-9958 is an Apple iOS/iPadOS vulnerability described as an out-of-bounds write that could cause an application to terminate unexpectedly or write to kernel memory. According to connected sources, the issue is addressed in iOS 14.0 and iPadOS 14.0, with Apple’s security content confirming ...

CVE-2020-9918

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory...

Microsoft Windows Uninitialized Variable Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' require 'msf/core/post/windows/priv' class MetasploitModule 'Microsoft Windows Uninitialized Variable Local...

Microsoft Windows Uninitialized Variable Local Privilege Escalation Exploit

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing...

PT-2020-4274 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An information disclosure issue exists due to the Windows kernel's improper initialization of objects in memory. To exploit this, an authenticated attacker could run a specially crafted...

Vulnerability of the object processing function in the kernel memory of the Windows operating system, allowing attackers to gain access to protected information

The vulnerability of the object processing function in the kernel memory of the Windows operating system is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to protected information...

kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c

An out of bounds OOB memory access flaw was found in i2csmbusxferemulated in drivers/i2c/i2c-core-smbus.c in I2C subsystem. A read request for length data-block0 greater than 'I2CSMBUSBLOCKMAX + 1' may cause underlying I2C driver write out of array's boundary. This could allow a local attacker wi...