CVE-2020-3836

An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout...

CVE-2020-3836

CVE-2020-3836 is an Apple kernel memory-management issue disclosed as an access problem that could allow a malicious, local app to determine the kernel memory layout. The vulnerability affects multiple Apple OSes: iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2. ...

kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service DoS, or possibly have unspecified other impa...

CVE-2019-8755

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to determine kernel memory layout...

CVE-2019-8540

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

CVE-2019-6207

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

Memory corruption

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

Memory corruption

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to determine kernel memory layout...

CVE-2019-8755

CVE-2019-8755 affects macOS Catalina 10.15 via an IOGraphics/kernel component issue. The description states a logic problem could allow a malicious local application to determine the kernel memory layout. Connected sources confirm this vulnerability is addressed by macOS 10.15 (the fix location i...

CVE-2019-8540

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

Apple iOS, iPadOS and tvOS Kernel Component Permission Logic Vulnerability (CNVD-2019-46957)

Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system.Apple iPadOS is an operating system for iPad tablets.Kernel is one of the kernels. A security vulnerability exists in the Kernel component of Apple iOS before 13.1, iPadOS before 13.1, and tvOS...

Apple macOS Catalina IOGraphics Component Logic Vulnerability

Apple macOS Catalina is a proprietary operating system developed by Apple Inc. for Mac computers.IOGraphics is one of the input and output graphics components. A security vulnerability exists in the IOGraphics component in Apple macOS Catalina versions prior to 10.15. An attacker can exploit this...

macOS < 10.15 Multiple Vulnerabilities

The remote host is running a version of macOS / Mac OS X that is prior to 10.15. It is, therefore, affected by multiple vulnerabilities. - An application may be able to execute arbitrary code with kernel privileges CVE-2019-8748 - Multiple issues in PHP CVE-2019-11041, CVE-2019-11042 - Processing...

For a suspected CVE-2016-0189 the original attack sample debugging-vulnerability warning-the black bar safety net

Last year at the end of 10, I get a public view is not quite the same as CVE-2016-0189 the use of samples. Preliminary analysis, I think this should be the year CVE-2016-0189 of the original Attack File. Its confused approach and subsequent occurrence of CVE-2017-0149, CVE-2018-8174, CVE-2018-837...

Information Disclosure

Linux kernel is vulnerable to information disclosure vulnerability. This is because the movepages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. A local attacker could learn the memory layout of a setuid executable allowing mitigation of ASL...

Adobe Acrobat Reader DC text field value remote code execution vulnerability — redux

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...

Apple iOS, tvOS and macOS Mojave Kernel Out-of-Bounds Read Vulnerability

Apple iOS is an operating system developed for mobile devices.Apple tvOS is an operating system for smart TVs.Apple macOS Mojave is a specialized operating system developed for Mac computers.Kernel is a kernel component. An out-of-bounds read vulnerability exists in the Kernel component in Apple...

macOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002)

The remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - An application may be able to execute arbitrary code with kernel privileges. CVE-2019-8529 - A local user may be able to read kernel memory. CVE-2019-8504 ...

All Intel processors are facing new attacks SPOILER, the software level is no solution-vulnerability warning-the black bar safety net

Researchers at Intel memory subsystem private implementation found address speculation of a vulnerability, it will leak memory layout information, flipping the bits of the Rowhammer attack easier to perform. SPOILER attack is different from the raging Spectre attack, it does not mention the right...

Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Executive summary Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific...