improper input validation – Qualys ThreatPROTECT

Amnesia:33 – Multiple Vulnerabilities in Open-Source TCP/IP Stacks

Posted by Neelam Kadbane on December 14, 2020

AMNESIA:33 is a study published by Forescout Research Labs under Project Memoria. The study consists of a report on 33 new vulnerabilities found in TCP/IP stacks used by multiple IoT, OT and IT device vendors. AMNESIA:33 affects multiple open-source TCP/IP stacks, which means a single vulnerability tends to spread easily and silently across multiple codebases, … Continue reading “Amnesia:33 – Multiple Vulnerabilities in Open-Source TCP/IP Stacks”

MacOS Catalina memory leakage vulnerability (CVE-2020-3847)

Posted by Dhiren Vaghela on April 7, 2020June 6, 2020

Summary: This time an out-of-bounds read vulnerability was observed in in macOS Catalina 10.15.3. that leads to memory leakage vulnerability. Description: The Vulnerability involved in this exploit is in the processing code of SDP (Service Discovery Protocol) data frames. This section briefly introduces the SDP frame, as follows: Image Source: 360 The first byte PDU … Continue reading “MacOS Catalina memory leakage vulnerability (CVE-2020-3847)”