Anton Ivanov

**Nome do software vulnerável e versões afetadas** Versões do kernel Linux anteriores à 6.12.0-rc6-g59b723cd2adb **Descrição** Uma vulnerabilidade no kernel do Linux foi resolvida. O problema está relacionado ao uso de drvdata na versão, que não está disponível, causando uma falha ao remover um dispositivo de rede. A falha resulta em um kernel panic devido a um segfault sem mm. A vulnerabilidade é resolvida usando container of() para obter a instância uml net em vez de drvdata. **Recomendações** Para versões do kernel Linux anteriores à 6.12.0-rc6-g59b723cd2adb, atualize para uma versão mais recente para resolver o problema. Como solução temporária, considere desativar a remoção de dispositivos de rede para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue involves the insecure generation of landscape cryptographic keys due to the use of a weak pseudo-random generator. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Landscape (affected versions not specified) **Description** The issue concerns a data leak from Landscape's server-status page, which exposes sensitive system information. This leak includes GET requests that contain information, potentially allowing attackers to exploit and leak further information from the Landscape API. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Landscape (affected versions not specified) **Description** The issue is related to open redirection caused by allowed URLs in Landscape. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 78.0.3904.87 **Description** The issue is related to a use after free in WebAudio, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. The vulnerability has been exploited in real-world attacks. **Recommendations** For Google Chrome versions prior to 78.0.3904.87, update to version 78.0.3904.87 or later to resolve the issue. As a temporary workaround, consider restricting access to WebAudio components until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions 21.0.0.242 and earlier **Description** The issue is related to errors in the code of the Flash Player platform, allowing a remote attacker to execute arbitrary code. This has been exploited in the wild, with active exploitation reported in June 2016. The vulnerability can be exploited through unknown vectors, enabling remote attackers to execute arbitrary code. **Recommendations** For Adobe Flash Player versions 21.0.0.242 and earlier, update to a version later than 21.0.0.242 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.