Cloudfuzzer

**Nome do software vulnerável e versões afetadas** Versões do D6100 anteriores à 1.0.0.57 Versões do R6100 anteriores à 1.0.1.20 Versões do R7500v2 anteriores à 1.0.3.24 Versões do WNDR4300v2 anteriores à 1.0.0.50 Versões do WNDR4500v3 anteriores à 1.0.0.50 **Descrição** O problema está relacionado à injeção de comando por um invasor não autenticado. **Recomendações** Para versões do D6100 anteriores à 1.0.0.57, atualize para a versão 1.0.0.57 ou posterior. Para versões do R6100 anteriores à 1.0.1.20, atualize para a versão 1.0.1.20 ou posterior. Para versões do R7500v2 anteriores à 1.0.3.24, atualize para a versão 1.0.3.24 ou posterior. Para versões do WNDR4300v2 anteriores à 1.0.0.50, atualize para a versão 1.0.0.50 ou posterior. Para versões do WNDR4500v3 anteriores à 1.0.0.50, atualize para a versão 1.0.0.50 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 74.0.3729.108 **Description** The issue is related to a use after free vulnerability in the Blink rendering engine of Google Chrome, which can be exploited by a remote attacker. This can potentially lead to heap corruption via a crafted HTML page, allowing the attacker to impact data integrity, gain unauthorized access to protected information, and cause a denial of service. **Recommendations** For versions prior to 74.0.3729.108, update to version 74.0.3729.108 or later to resolve the issue. As a temporary workaround, consider avoiding the use of potentially crafted HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** The issue is caused by an integer overflow in the Blink component of Google Chrome, leading to a heap buffer overflow. This allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** The issue is related to an incorrect object lifecycle in WebAudio, which can lead to heap corruption. A remote attacker can exploit this by using a specially crafted HTML page, potentially affecting the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** The issue is related to incorrect handling of stylesheets, leading to a use after free in Blink. This could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, impacting the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 69.0.3497.81 **Description** The issue is related to a use after free in the Blink mechanism of Google Chrome, which can lead to heap corruption. A remote attacker can potentially exploit this by using a specially crafted HTML page, resulting in a denial of service. **Recommendations** For versions prior to 69.0.3497.81, update to version 69.0.3497.81 or later to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 64.0.3282.119 **Description** A heap buffer overflow issue in WebGL allows a remote attacker to perform an out of bounds memory read via a crafted HTML page. This could potentially enable attackers to view memory contents beyond the intended boundaries. The issue affects Google Chrome and potentially other browsers like Opera, allowing remote attackers to exploit it by using a specially crafted HTML page. **Recommendations** For Google Chrome versions prior to 64.0.3282.119, update to version 64.0.3282.119 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 54.0.2840.59 Google Chrome for Android version prior to 54.0.2840.85 Opera (affected versions not specified) **Description** The issue allows a remote attacker to perform an out of bounds memory read via crafted HTML pages due to incorrect allowance of reentrance of `FrameView::updateLifecyclePhasesInternal()`. **Recommendations** For Google Chrome versions prior to 54.0.2840.59, update to version 54.0.2840.59 or later. For Google Chrome for Android version prior to 54.0.2840.85, update to version 54.0.2840.85 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 52.0.2743.82 Opera (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink. This vulnerability can be exploited by remote attackers using crafted JavaScript code that involves an @import at-rule in a Cascading Style Sheets (CSS) token sequence, in conjunction with a rel=import attribute of a LINK element. The exploitation can cause a denial of service or possibly have other unspecified impacts. **Recommendations** For Google Chrome versions prior to 52.0.2743.82, update to version 52.0.2743.82 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 49.0.2623.87 Opera (affected versions not specified) **Description** The issue is related to the ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, which does not properly maintain the user agent shadow DOM. This allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." **Recommendations** For Google Chrome versions prior to 49.0.2623.87, update to version 49.0.2623.87 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 49.0.2623.75 Opera (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function. This vulnerability can be exploited by a remote attacker using a specially crafted web site, potentially causing a denial of service or other unspecified impact. The vulnerability is triggered by Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action. **Recommendations** For Google Chrome versions prior to 49.0.2623.75, update to version 49.0.2623.75 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 48.0.2564.82 Opera (affected versions not specified) **Description** The issue is related to the LoadIC::UpdateCaches function in the Google V8 module, which does not ensure receiver compatibility before performing a cast of an unspecified variable. This allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. **Recommendations** For Google Chrome versions prior to 48.0.2564.82, update to version 48.0.2564.82 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.80 Opera (affected versions not specified) **Description** The issue is related to a race condition in the MutationObserver implementation in Blink. This can be exploited by remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. The vulnerability exists due to insufficient checking of the resource state when it is possible to share the resource. **Recommendations** For Google Chrome versions prior to 47.0.2526.80, update to version 47.0.2526.80 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera (affected versions not specified) **Description** The issue is related to the convolution implementation in Skia, which does not properly constrain row lengths. This allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 44.0.2403.89 Opera (affected versions not specified) **Description** The issue is caused by a buffer overflow in the dynamic memory of the Skia component, specifically in the SkPictureShader.cpp file. This can be exploited by a remote attacker using specially crafted input data, potentially leading to a denial of service (memory corruption) or other unspecified impacts. The exploitation requires access to a renderer process and the provision of crafted serialized data. **Recommendations** For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 43.0.2357.65 Opera (affected versions not specified) libvpx (affected versions not specified) **Description** The issue allows a remote attacker to cause a denial of service by initializing fields with a negative size through the use of specially crafted VP9 video frames. This is due to the libvpx code not being built with an appropriate --size-limit value. The attacker can trigger a negative value for a size field, potentially having unspecified other impacts. **Recommendations** For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of VP9 video data in affected browsers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 42.0.2311.90 Opera (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. This is related to the Skia component used in the affected browsers. **Recommendations** For Google Chrome versions prior to 42.0.2311.90, update to version 42.0.2311.90 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 38.0.2125.101 Opera versions prior to 25.0.1614.50 **Description** A use-after-free issue exists in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp, part of the DOM implementation in Blink. This allows remote attackers to cause a denial of service or possibly have other unspecified impacts via unknown vectors. **Recommendations** For Google Chrome versions prior to 38.0.2125.101, update to version 38.0.2125.101 or later. For Opera versions prior to 25.0.1614.50, update to version 25.0.1614.50 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 31.0.1650.48 Apple iTunes (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the core/dom/ContainerNode.cpp component of Blink, which is used in Google Chrome. This vulnerability can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. The vulnerability occurs due to improper handling of DOM range objects in circumstances that require child node removal after a mutation or blur event. **Recommendations** For Google Chrome versions prior to 31.0.1650.48, update to version 31.0.1650.48 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 30.0.1599.101 Apple iTunes (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function. This vulnerability can be exploited by user-assisted remote attackers to cause a denial of service or possibly have other unspecified impacts via vectors related to list elements. **Recommendations** For Google Chrome versions prior to 30.0.1599.101, update to version 30.0.1599.101 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.