Bo Qu

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.3 iPadOS versions prior to 15.3 watchOS versions prior to 8.4 tvOS versions prior to 15.3 Safari versions prior to 15.3 macOS Monterey versions prior to 12.2 **Description** A validation issue was addressed with improved input sanitization. Processing a maliciously crafted mail message may lead to running arbitrary javascript. The issue is related to insufficient input validation, which can be exploited by a remote attacker to impact data integrity. **Recommendations** For iOS versions prior to 15.3, update to iOS 15.3 or later. For iPadOS versions prior to 15.3, update to iPadOS 15.3 or later. For watchOS versions prior to 8.4, update to watchOS 8.4 or later. For tvOS versions prior to 15.3, update to tvOS 15.3 or later. For Safari versions prior to 15.3, update to Safari 15.3 or later. For macOS Monterey versions prior to 12.2, update to macOS Monterey 12.2 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Jet Red Database Engine and Access Connectivity Engine (affected versions not specified) **Description** The issue is related to incorrect code generation management in the Microsoft Jet Red Database Engine and Access Connectivity Engine of Microsoft Windows operating systems. It allows a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** A vulnerability in Microsoft Office exists due to insufficient input validation. Exploitation of this issue may allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.0.1 **Description** An access issue was addressed with improved access restrictions. Processing a maliciously crafted document may lead to a cross site scripting attack. **Recommendations** For versions prior to 11.0.1, update to macOS Big Sur 11.0.1 to resolve the issue. As a temporary workaround, consider avoiding the processing of maliciously crafted documents until the update is applied.

Name of the Vulnerable Software and Affected Versions: Windows Jet Database Engine (affected versions not specified) Description: A remote code execution issue exists due to the improper handling of objects in memory by the Windows Jet Database Engine. This could allow an attacker to execute arbitrary code on a victim system by enticing the victim to open a specially crafted file. The issue is also described as a buffer overflow vulnerability in the Microsoft JET Database Engine. The vulnerability enables remote attackers to execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK+ versions prior to 2.12.5-0ubuntu0.16.04.1 **Description** A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. **Recommendations** Update the system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.12.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-dev - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 - 2.12.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-doc - 2.12.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-bin - 2.12.5-0ubuntu0.16.04.1 gir1.2-webkit2-4.0 - 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-dev - 2.12.5-0ubuntu0.16.04.1 Run `sudo pro fix USN-3079-1` to fix the vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.2 Apple OS X versions prior to 10.11.5 Apple tvOS versions prior to 9.2.1 Apple watchOS versions prior to 2.2.1 **Description** The issue is caused by a buffer overflow in the OpenGL component. This can be exploited by a remote attacker using a specially crafted website, potentially allowing them to execute arbitrary code or cause a denial of service due to memory corruption. **Recommendations** For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later. For Apple tvOS versions prior to 9.2.1, update to version 9.2.1 or later. For Apple watchOS versions prior to 2.2.1, update to version 2.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS and Safari (affected versions not specified) **Description** The issue is caused by a buffer overflow in the WebKit component. It can be exploited by a remote attacker using a specially crafted website, potentially allowing them to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 Apple tvOS versions prior to 9.1 Apple watchOS versions prior to 2.1 **Description** The issue is caused by a buffer overflow in the OpenGL component, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later. For Apple tvOS versions prior to 9.1, update to version 9.1 or later. For Apple watchOS versions prior to 2.1, update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 Apple tvOS versions prior to 9.1 Apple watchOS versions prior to 2.1 **Description** The issue is caused by a buffer overflow in the OpenGL component, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later. For Apple tvOS versions prior to 9.1, update to version 9.1 or later. For Apple watchOS versions prior to 2.1, update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This is caused by improper access to objects in memory, which could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 10 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This is caused by incorrect access to objects in memory, which can lead to a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer version 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to remote code execution due to improper access to objects in memory. This could lead to memory corruption, allowing an attacker to execute arbitrary code in the context of the current user. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause memory errors and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to remote code execution due to improper access to objects in memory. This could lead to memory corruption, allowing an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to remote code execution due to improper access to objects in memory. This could lead to memory corruption, allowing an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code or cause a denial of service by using a specially crafted website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 7 **Description** The issue is related to improper access to objects in memory, which could lead to memory corruption. This allows remote attackers to execute arbitrary code or cause a denial of service in the context of the current user. **Recommendations** For Microsoft Internet Explorer version 7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.