367 matches found
Apple tvOS Permissions and Access Control Issue Vulnerability
Apple tvOS is a smart TV operating system from Apple. The tvOS vulnerability is a permission and access control issue that arises from improper privilege management in the kernel subsystem of the operating system. A local attacker could use kernel privileges to execute arbitrary code on the syste...
Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could allow the ability to bypass security products, execute code...
CVE-2021-23133
CVE-2021-23133 is a race condition in the Linux kernel SCTP sockets (net/sctp/socket.c) prior to 5.12-rc8. If sctp_destroy_sock executes without sock_net(sk)->sctp.addr_wq_lock, an element is removed from the auto_asconf_splist list without proper locking, enabling a local attacker with networ...
CVE-2020-27921
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges...
New 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3
A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ve...
Intel Graphics Driver Race Condition Vulnerability
Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A race condition vulnerability exists in Intel Graphics Driver, which arises because an application may be able to execute arbitrary code using kernel privileges. The following products and models are...
Apple iOS < 12.4.9 Multiple Vulnerabilities
Binary data appleios1249check.nbin...
About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c
An out-of-bounds (OOB) memory access flaw was found in i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c in the I2C subsystem. A read request for length (data->block[0]) greater than 'I2C_SMBUS_BLOCK_MAX + 1' may cause the underlying I2C driver to write out of the array's boundary. This could allow a local attacker wi...
November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe
This month’s Microsoft Patch Tuesday addresses 112 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Windows Codecs, Network File System, Sharepoint, Windows Print Spooler, and several other workstation vulnerabilities. Adobe released patches today for Ado...
Apple Patches Bugs Tied to Previously Identified Zero-Days
Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple this week released iOS 14.2 and iPadOS...
Auto-Root-Exploit
It is an offensive tool for Linux kernel exploitation. The tool, Auto-Root-Exploit, targets various versions of the Linux kernel, specifically those between 2.6 and 2.6.31.5, with the primary focus on exploiting vulnerabilities in these versions. The tool's primary entry point is the autoroot.sh...
CVE-2019-8534
CVE-2019-8534 concerns a logic issue in macOS APFS that caused memory corruption. According to Apple and Red Hat/NVD references, the vulnerability could allow a malicious application to execute arbitrary code with kernel privileges. The fixed versions are macOS Mojave 10.14.4 and Security Updates...
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the...
Design/Logic Flaw
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest...
CVE-2020-0404
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
UBUNTU-CVE-2020-0404
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2020-1034 Windows Kernel Elevation of Privilege Vulnerability
...
ASB-A-111893654
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-17398
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...