Ubuntu: Security Advisory (USN-4527-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple iOS Memory Initialization Vulnerability

Apple iOS is an operating system for mobile devices developed by Apple Inc. in the United States. A security vulnerability exists in Apple iOS that stems from an out-of-bounds write issue resolved through improved boundary checking. An attacker could exploit the vulnerability to potentially cause...

Apple iOS Lock Screen Vulnerability

Apple iOS is an operating system for mobile devices developed by Apple Inc. in the United States. A security vulnerability exists in Apple iOS that stems from an out-of-bounds write issue resolved through improved boundary checking. An attacker could exploit the vulnerability to cause an unexpect...

PT-2020-20901 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.0 iPadOS versions prior to 14.0 Description: A memory initialization issue was addressed with improved memory handling, allowing a local user to potentially read kernel memory. Recommendations: For iOS versions prior ...

About the security content of iOS 14.0 and iPadOS 14.0

About the security content of iOS 14.0 and iPadOS 14.0 This document describes the security content of iOS 14.0 and iPadOS 14.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVE-2020-10781

A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hotadd file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user...

UBUNTU-CVE-2020-14304

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality...

CVE-2020-15137

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-b...

CVE-2020-15137 Integer overflow in HoRNDIS

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-b...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4439-1 advisory. It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An...

kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service

A flaw that allowed an attacker to leak kernel memory was found in the network subsystem where an attacker with permissions to create tun/tap devices can create a denial of service and panic the system...

CVE-2020-11520

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution...

CVE-2020-11520

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution...

CVE-2020-11520

CVE-2020-11520 affects WinMagic SecureDoc

About the security content of tvOS 13.3.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVE-2020-0223

This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450...

SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block SMB protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code executio...

CVE-2020-9831

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout...

CVE-2020-9833

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory...

CVE-2020-9844

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory...