>> ARCHIVE: 2020-02

macOS and iOS suffer from a race condition in XNU’s mk_timer_create_trap() that can lead to type confusion.

The XNU function IOUserClient::_sendAsyncResult64() discloses the address of the ipc_port to which the notification is sent in the Mach message enqueued on the notification port.

systemd has an issue in systemd-machined where it decrements the reference count when references are still held.

macOS and iOS have an ImageIO heap corruption issue when processing malformed PVR images.

macOS and iOS suffer from an ImageIO out-of-bounds read when processing PVR images.

macOS and iOS suffers from an out-of-bounds timestamp write in IOAccelCommandQueue2::processSegmentKernelCommand().

usersctp is SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bound…

ELAN Smart-Pad version 11.10.15.1 suffers from an unquoted service path vulnerability.

VIM version 8.2 suffers from a denial of service vulnerability.

AbsoluteTelnet version 11.12 suffers from multiple denial of service vulnerabilities.