958 matches found

CVE
added 2020/10/22 5:54 p.m. · 78 views

CVE-2020-9863

CVE-2020-9863 affects Apple platforms (iOS 13.6/iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8). Description: a memory initialization issue was fixed via improved memory handling; impact: an application may execute arbitrary code with kernel privileges. Mitigation: apply the Appl...

CVSS 9.3 · AI score 7.8 · EPSS 0.00287
Exploits 0 · References 4 · Affected Software 5

Ubuntu
added 2020/10/20 12:0 a.m. · 129 views

USN-4592-1: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the...

CVSS 8.8 · AI score 7.9 · EPSS 0.04469
Exploits 6

Ubuntu
added 2020/10/19 11:51 p.m. · 94 views

USN-4591-1: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the...

CVSS 8.8 · AI score 7.5 · EPSS 0.02874
Exploits 6

RedHat Linux
added 2020/10/19 3:42 p.m. · 6 views

kernel: net: bluetooth: information leak when processing certain AMP packets

An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory o...

CVSS 6.5 · AI score 6.8 · EPSS 0.02388
Exploits 5 · References 8

Zero Day Initiative
added 2020/10/19 12:0 a.m. · 36 views

Microsoft Excel XLS File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS...

CVSS 7.8 · AI score 5.7 · EPSS 0.09611
Exploits 0 · References 1

Zero Day Initiative
added 2020/10/19 12:0 a.m. · 44 views

Microsoft Excel XLS File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS...

CVSS 7.8 · AI score 5.7 · EPSS 0.09611
Exploits 0 · References 1

NVD
added 2020/10/16 11:15 p.m. · 14 views

CVE-2020-16901

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

CVSS 5.5 · EPSS 0.01042
Exploits 0 · References 1

OSV
added 2020/10/16 11:15 p.m. · 1 views

CVE-2020-16901

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

CVSS 5 · AI score 5.8 · EPSS 0.01042
Exploits 0 · References 1

Prion
added 2020/10/16 11:15 p.m. · 19 views

Information disclosure

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

CVSS 2.1 · AI score 4.9 · EPSS 0.01042
Exploits 0 · References 1 · Affected Software 2

OSV
added 2020/10/16 5:15 p.m. · 0 views

CVE-2020-9964

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory...

CVSS 5.5 · AI score 6.7 · EPSS 0.00048
Exploits 0 · References 2

CVE
added 2020/10/16 4:55 p.m. · 56 views

CVE-2020-9964

CVE-2020-9964 describes a memory initialization issue in iOS/iPadOS that could allow a local user to read kernel memory. Apple attributes the fix to iOS 14.0 and iPadOS 14.0 with improved memory handling. Connected sources corroborate the vulnerability as an Apple memory initialization/out-of-bou...

CVSS 5.5 · AI score 5 · EPSS 0.00048
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2020/10/13 12:0 a.m. · 1 views

PT-2020-4274 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: An information disclosure issue exists due to the Windows kernel's improper initialization of objects in memory. To exploit this, an authenticated attacker could run a specially crafted...

CVSS 5.5 · AI score 4.8 · EPSS 0.01042
Exploits 0 · References 7

Positive Technologies
added 2020/09/30 12:0 a.m. · 2 views

PT-2020-6454 · Apple · iPadOS +3

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.0.1; watchOS versions prior to 7.1; iOS versions prior to 12.4.9 and prior to 14.2; watchOS versions prior to 6.2.9 and prior to 5.3.9; macOS Catalina versions prior to 10.15.7 Supplemental Update and prior to 10.15.7...

CVSS 7.1 · AI score 6.6 · EPSS 0.43756
Exploits 2 · References 30

Positive Technologies
added 2020/09/20 12:0 a.m. · 1 views

PT-2020-20901 · Apple · iOS +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.0; iPadOS versions prior to 14.0. Description: A memory initialization issue that could allow a local user to read kernel memory was addressed with improved memory handling. Recommendations: For iOS versions prior ...

CVSS 5.5 · AI score 5.9 · EPSS 0.00048
Exploits 0 · References 5

OSV
added 2020/09/11 5:15 p.m. · 0 views

CVE-2020-1592

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

CVSS 4.4 · AI score 6.5 · EPSS 0.00384
Exploits 0 · References 1

CNVD
added 2020/09/11 12:0 a.m. · 25 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63312)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation: Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

CVSS 4.4 · AI score 3.4 · EPSS 0.00384
Exploits 0 · References 1

Positive Technologies
added 2020/09/08 12:0 a.m. · 1 views

PT-2020-3908 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: An information disclosure issue exists due to improper initialization of objects in memory by the Windows kernel. To exploit this, an authenticated attacker could run a specially crafted...

CVSS 4.6 · AI score 5.2 · EPSS 0.00384
Exploits 0 · References 5

OSV
added 2020/09/02 1:17 p.m. · 0 views

USN-4488-1 xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14346) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could...

CVSS 7.8 · AI score 6.8 · EPSS 0.00232
Exploits 0 · References 5

OSV
added 2020/08/05 2:15 p.m. · 1 views

DEBIAN-CVE-2020-14347

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable...

CVSS 5.5 · AI score 6.6 · EPSS 0.00098
Exploits 0 · References 1

CVE
added 2020/08/05 1:8 p.m. · 326 views

CVE-2020-14347

CVE-2020-14347 affects the X.Org X server (xorg-server): a flaw that leaks uninitialized heap memory from the server to clients, potentially enabling information disclosure and, in elevated-privilege setups, ASLR bypass. Affected releases include Xorg-server prior to a patched version; multiple a...

CVSS 5.5 · AI score 6.3 · EPSS 0.00098
Exploits 0 · References 10 · Affected Software 1