c-ares version 1.16.0 has an issue where ares_destroy() with pending ares_getaddrinfo() leads to a use-after-free condition.
1464ba2a11ec60f5b9714b8e26693d59iOS suffers from a Page Protection Layer (PPL) bypass due to incorrect argument verification in pmap_protect_options_internal() and pmap_remove_options_internal().
880d5a7841d44d213ff1f1ca340b8776When usrsctp is used with a custom transport, an address must be provided to usrsctp_conninput be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value. Unfortunately, this value is often transmitted to the peer, for example to validate signing of the cookie. This could allow an attacker access to the location in memory of the SctpTransport of a peer, bypassing ASLR.
6a5a0cbe8a76c5e374b2d723099f60cdThere is a stack buffer overflow in usrsctp when a server processes a skipped auth block from an incoming connection. Proof of concept exploit included.
f695f6ee0ee2bf74c0b85f014497b37fSeveral security issues have been identified in the VMware ESIx virtual machine monitor (VMM). A use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.
d2417f8af8ebed99ebd6fdfff7a2c153iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.
cdd1c47241bd866a69b6c59cc0b23828Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.
9bde5356a44eb307d096d404cbcdc1d0The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.
0b1a6974a8c2118b0cb88077ae99fe29Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.
59b15e0413a1cb080644249586af9699The Firefox content processes do not sufficiently lockdown access control which can result in a sandbox escape.
1b90a8f7ec30889bdb9321cdf60bc14eSecureCRT suffers from a memory corruption vulnerability in CSI functions.
e90a6d22c2cdbe99b5796b3c3e382581Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.
8765bb50cd9ee3abccbc2fb01d8b87feAdobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.
a7f302c6df4c350ca29113200164e83bChrome suffers from a Typer::Visitor::TypeInductionVariablePhi type inference issue.
293e69e50741f8cbad5283dac07b0c15Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping.
48173960a553b8ac2d2d1b4706631456Linux futex+VFS suffers from an improper inode reference in get_futex_key() that causes a use-after-free if the superblock goes away.
b10f0f2bf1162cf416ade38ced936f86Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.
3f9f4d5bfc619d4b462f0ef931e31a05Firefox suffers from an out-of-bounds access vulnerability in js::ReadableStreamCloseInternal.
e4939c663c04ebd98c353cdec851448aChrome suffers from an out-of-bounds access vulnerability in ReadableStream::Close.
4c46f95d1539b549419377053d9c4c19WebKit has a data race condition in AudioArray::allocate that can lead to out-of-bounds access.
c2a83f90664d44d8317ce95d7a23c445WebRTC suffers from an out-of-bounds memory write in the method RtpFrameReferenceFinder::UpdateLayerInfoH264. This occurs when updating the layer info with the frame marking extension.
8491bafa68aebbbeaeec3108e1ccc8faChrome suffers from an issue where a data race in AudioArray::Allocate can lead to out-of-bounds access.
4fdac360982c541290848cba88dc91c7When WebRTC processes a packet using FEC, it does not adequately check bounds when zeroing the video timing extension.
e7646bc10c00f9249d8d1cbc7ec9e677The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP2 request (or response).
ec4200ed138e11159b83e1a1d18ff6d3A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.
c958ad3ac0a7a989d1f7f2c9f24fadb6
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed