Moony Li

**Nome do software vulnerável e versões afetadas** Driver de CD-ROM do Windows (versões afetadas não especificadas) **Descrição** O problema está relacionado ao gerenciamento inseguro de privilégios no driver de CD-ROM do Windows, o que pode ser explorado para elevar privilégios. Isso permite que um invasor comprometa o sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: Versões do Qualcomm Snapdragon (versões afetadas não especificadas) Descrição: O problema está relacionado a uma possível vulnerabilidade de uso após liberação (use after free) ao acessar o ponteiro de link a partir de dados privados do dispositivo, devido à falta de proteção de recursos. Isso afeta vários produtos Qualcomm Snapdragon, incluindo Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IoT, Snapdragon Industrial IoT, Snapdragon Mobile, Snapdragon Voice & Music e Snapdragon Wearables, em chipsets específicos como APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150 e SXR1130. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 10.15 **Description** A logic issue was addressed with improved restrictions, which may allow a malicious application to determine kernel memory layout. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 10.14.6 **Description** A validation issue was addressed with improved input sanitization, allowing an application to potentially read restricted memory. **Recommendations** For versions prior to 10.14.6, update to macOS Mojave 10.14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.6 **Description** A validation issue was addressed with improved input sanitization, allowing an application to potentially read restricted memory. **Recommendations** For versions prior to 10.14.6, update to macOS Mojave 10.14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.5 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. The issue is related to a double free privilege escalation vulnerability in the AMDRadeonX4000 AMDSIGLContext, specifically with the discard StretchTex2Tex function. **Recommendations** For versions prior to 10.14.5, update to macOS Mojave 10.14.5 to resolve the issue. As a temporary workaround, consider restricting access to the AMDRadeonX4000 AMDSIGLContext module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.5 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. The issue is related to an untrusted pointer dereference privilege escalation. **Recommendations** For versions prior to 10.14.5, update to macOS Mojave 10.14.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.4 **Description** The issue involves an out-of-bounds read that can be addressed with improved bounds checking. This allows an application to potentially read restricted memory, which could lead to information disclosure. **Recommendations** For versions prior to 10.14.4, update to macOS Mojave 10.14.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.2 **Description** A validation issue was addressed with improved input sanitization. **Recommendations** For versions prior to 10.14.2, update to macOS Mojave 10.14.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.1 **Description** The issue involves the `ATS` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted font. This is caused by a buffer overflow in memory. **Recommendations** For macOS versions prior to 10.12.1, update to version 10.12.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `ATS` component until a patch is available. Avoid using crafted fonts in affected systems to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 Apple OS X versions prior to 10.12 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption via a crafted app. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later. For Apple OS X versions prior to 10.12, update to version 10.12 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.12 **Description** The issue allows an attacker to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. This can be achieved via a crafted app. **Recommendations** For Apple OS X versions prior to 10.12, update to version 10.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.12 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption via a crafted app. **Recommendations** For versions prior to 10.12, update to version 10.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.6 **Description** The issue allows local users to obtain sensitive kernel memory-layout information or cause a denial of service via unspecified vectors, potentially related to a use-after-free privilege escalation vulnerability in the DspFuncLib component. **Recommendations** For versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Disk Utility in Apple OS X versions prior to 10.11.5 **Description** The issue is related to the use of incorrect encryption keys for disk images in the Disk Utility component of Mac OS X. This could potentially allow a remote attacker to impact the confidentiality of information. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is related to a buffer overflow in the AppleGraphicsPowerManagement component, which can be exploited by attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.2 Apple OS X versions prior to 10.11.5 Apple tvOS versions prior to 9.2.1 Apple watchOS versions prior to 2.2.1 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption via a crafted app. This is caused by a buffer overflow in the Disk Images subsystem of the operating systems. **Recommendations** For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later. For Apple tvOS versions prior to 9.2.1, update to version 9.2.1 or later. For Apple watchOS versions prior to 2.2.1, update to version 2.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is caused by a buffer overflow in the Graphics Drivers subsystem of the operating system. This can be exploited by a remote attacker using a specially crafted application, potentially allowing them to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.