Wenxiang Qian

**Nome do software vulnerável e versões afetadas** Versões do software NVIDIA vGPU anteriores à 12.3 Versões do software NVIDIA vGPU anteriores à 11.5 Versões do software NVIDIA vGPU anteriores à 8.8 **Descrição** O software NVIDIA vGPU contém uma vulnerabilidade no driver do modo kernel do Virtual GPU Manager (nvidia.ko), na qual um ponteiro para um buffer do espaço do usuário não é validado antes de ser desreferenciado. Isso pode levar a uma negação de serviço. **Recomendações** Para versões anteriores à 12.3, atualize para a versão 12.3 ou posterior. Para versões anteriores à 11.5, atualize para a versão 11.5 ou posterior. Para versões anteriores à 8.8, atualize para a versão 8.8 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do driver NVIDIA vGPU anteriores à 12.2 Versões do driver NVIDIA vGPU anteriores à 11.4 **Descrição** O driver NVIDIA vGPU contém uma vulnerabilidade no driver do modo kernel do sistema convidado e no Virtual GPU Manager (plug-in vGPU), onde o comprimento de uma entrada não é validado. Isso pode levar à divulgação de informações, adulteração de dados ou negação de serviço. **Recomendações** Para versões anteriores à 12.2, atualize para a versão 12.2 ou posterior para resolver o problema. Para versões anteriores à 11.4, atualize para a versão 11.4 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões do software NVIDIA vGPU anteriores à 12.2 Versões do software NVIDIA vGPU anteriores à 11.4 Versões do software NVIDIA vGPU anteriores à 8.7 **Descrição** O problema está relacionado a uma falha na validação do comprimento da entrada no Virtual GPU Manager (plug-in vGPU) do software NVIDIA vGPU. Isso pode potencialmente levar à divulgação de informações, adulteração de dados ou negação de serviço. **Recomendações** Para versões anteriores à 12.2, atualize para a versão 12.2 ou posterior para resolver o problema. Para versões anteriores à 11.4, atualize para a versão 11.4 ou posterior para resolver o problema. Para versões anteriores à 8.7, atualize para a versão 8.7 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to an out of bounds read in the SQLite data processing mechanism of Google Chrome. This could allow a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to uninitialized data in SQLite, which can lead to the disclosure of sensitive information. A remote attacker can exploit this by using a crafted HTML page to obtain potentially sensitive information from process memory. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to insufficient data validation in SQLite within Google Chrome, allowing a remote attacker to bypass defense-in-depth measures. This can be achieved via a crafted HTML page, potentially impacting data integrity. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to an out of bounds read in the SQLite data processing mechanism of Google Chrome. This could allow a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DPDK (affected versions not specified) **Description** A flaw was found in the vhost library in DPDK. The function `vhost user set inflight fd()` does not validate `msg->payload.inflight.num queues`, possibly causing out-of-bounds memory read/write. This could result in a crash of any software using the DPDK vhost library. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 75.0.3770.80 **Description** The issue is related to object lifecycle errors in the SwiftShader high-performance rendering system of Google Chrome. It allows a remote attacker to potentially perform out of bounds memory access via a crafted HTML page, which could lead to access of confidential data. **Recommendations** For versions prior to 75.0.3770.80, update to version 75.0.3770.80 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libcurl versions 7.36.0 through 7.64.0 MySQL Server versions 5.7.26 and earlier MySQL Server versions 8.0.15 and earlier **Description** The issue is caused by a stack-based buffer overflow in the function `Curl auth create ntlm type3 message()`, which generates the outgoing NTLM type-3 header. This function creates the request HTTP header contents based on previously received data. The check to prevent the local buffer from getting overflowed is implemented wrongly, using unsigned math, and does not prevent the overflow. The output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by a malicious or broken HTTP server. Such large response data needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. **Recommendations** For libcurl versions 7.36.0 through 7.64.0, consider disabling the `Curl auth create ntlm type3 message()` function until a patch is available. For MySQL Server versions 5.7.26 and earlier, update to a version later than 5.7.26. For MySQL Server versions 8.0.15 and earlier, update to a version later than 8.0.15. As a temporary workaround, restrict access to the NTLMv2 type-2 response header to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libcurl versions 7.36.0 through 7.64.0 **Description** The issue is caused by an integer overflow in the `ntlm decode type2 target` function, which handles incoming NTLM type-2 messages. This function does not validate incoming data correctly, leading to a heap buffer out-of-bounds read. A malicious or broken NTLM server could exploit this vulnerability, potentially causing a denial of service. **Recommendations** For libcurl versions 7.36.0 through 7.64.0, update to a version 7.64.0 or later to resolve the issue. As a temporary workaround, consider restricting access to NTLM type-2 messages to minimize the risk of exploitation. Avoid using the `ntlm decode type2 target` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 66.0.3359.117 Opera (affected versions not specified) **Description** The issue allowed a remote attacker to cause the browser to execute scripts via a local non-HTML page by parsing documents as HTML in the Downloads feature. This could potentially lead to the execution of malicious scripts. **Recommendations** For Google Chrome versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.