Preface: Apple found memory vulnerability, since no additional information will be provided by vendor.
Does it relate to DUI (Dereference Under the Influence)?

What is DUI?
Attackers use the DUI vulnerability as a memory access service to mount attacks. Their aim to influence memory operations of isolated components through inputs to their public interface.

Apple Releases Multiple Security Updates:
Original release date: February 07, 2019

About the security content of iOS 12.1.4 – https://support.apple.com/en-us/HT209520

About the security content of macOS Mojave 10.14.3 Supplemental – Update – https://support.apple.com/en-us/HT209521

Preface: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Background: A WAF is deployed to protect a specific web application or set of web applications. Generally, the common attacks such as cross-site scripting (XSS) and SQL injection will be under WAF protection. But in reality, XSS is hard to avoid.

New vulnerability found: Palo Alto Networks PAN-OS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

The following PAN-OS versions are affected:

PAN-OS 7.1.21 and prior
PAN-OS 8.0.14 and prior
PAN-OS 8.1.5 and prior

Official announcement shown as below: https://securityadvisories.paloaltonetworks.com/Home/Detail/140

Preface: Avahi is a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery.

Technical background:
Multicast DNS (mDNS) is a protocol that uses packets similar to unicast DNS except sent over a multicast link to resolve hostnames.

Vulnerability found in Avahi:
The vulnerability exists because the affected software misses link-local checks, causing the multicast DNS (mDNS) protocol to respond to IPv6 unicast queries with source addresses that are not on-link.

Impact: Remote attacker to access sensitive information on a targeted system or conduct DDoS!

Remedy released finally: 22 Dec 2018
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f

Remark: Happy Lunar New Year. Kung Hei Fat Choi!

Preface: Dynamic memory automatically reclaimed when the garbage collector no longer sees any live reference to it.

Description: A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition.

Official announcement – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass

My opinion: For memory that is not associated with a Scheme object, we cannot assume the new memory block can be freed by a garbage collection. FirePower run on top of Cisco ASA appliance.See below bug history, eventhough it is Cisco. The design is better to separate the Snort with CISCO ASA!

Preface: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.

Description: Phpmyadmin sometimes similar is a gadget. It can help you reset your WordPress password. It seems to be very useful, but this time the vulnerability is equivalent to the Swiss Army Knife, thus breaking your defense mechanism.

Vulnerability detail: An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Official reference: https://www.phpmyadmin.net/security/PMASA-2019-2/

Preface: Programmer just spend 10 minutes write a python script then can listen UDP traffic. Even though we performing Google Search , the function is using Python code.

Information background:
Python has now become the most taught programming languages in Universities and Academica. Machine learning or artificial intelligence is learning Python because it is the primary language that makes tasks easier.

Vulnerability:
The security expert from Cisco Talos found that a vulnerability will be occured when python parser handling x509 certificate. A handshake failures result in skipping the call to getpeercert(). Under above circumstances, attacker can craft a x.509 certificate with both a blank distributionPoint and cRLIssuer causes a NULL pointer dereference. As a result a denial-of-service occur.

Official details: https://bugs.python.org/issue35746