Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution

iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()

usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init

macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image

Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN

WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM

macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds

Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font

macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache

Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd

Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs

Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path

Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)

Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream