Candymate

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An out of bounds read in V8 allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out of bounds read occurs when the system reads data past the end or before the beginning of the intended buffer. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.96 **Description** Out of bounds memory access in V8 allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. **Recommendations** Update to version 148.0.7778.96 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 145.0.7632.109 **Description** An integer overflow in the V8 JavaScript engine within Google Chrome could lead to heap corruption. This issue could be triggered by a remote attacker using a specially crafted HTML page. The Chromium security severity is rated as High. **Recommendations** Update Google Chrome to version 145.0.7632.109 or later.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Description: The issue is related to errors in the code of the User Interface component of the Oracle Labor Distribution product. It allows a low-privileged attacker with network access via HTTP to compromise Oracle Labor Distribution, resulting in unauthorized creation, deletion, or modification access to critical data or all accessible data, as well as unauthorized access to critical data or complete access to all accessible data. Recommendations: For versions 12.1.1 through 12.1.3, consider restricting access to the User Interface component until a patch is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.20 Description: The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. The vulnerability may significantly impact additional products. Recommendations: For versions prior to 6.1.20, update to version 6.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.