Daffainfo

**Name of the Vulnerable Software and Affected Versions** MongoDB (affected versions not specified) **Description** An issue exists in the `$ internalApplyOplogUpdate` aggregation pipeline stage where an authenticated user with access to the `aggregate` command can execute a document diff containing a malformed binary diff. This can result in memory out-of-bounds access or a server crash, leading to potential data exposure and Denial of Service (DoS), which is a condition where a service becomes unavailable to its intended users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Electron versions 33.0.0-alpha.1 through 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5 Description Electron applications utilizing offscreen rendering with GPU shared textures may experience a use-after-free condition. Specifically, the `release()` callback associated with a `paint` event texture can outlive its native state, potentially leading to memory corruption or a crash when invoked. Applications are only affected if they employ offscreen rendering with `webPreferences.offscreen: { useSharedTexture: true }`. The `texture.release()` function is central to this issue. Recommendations Versions prior to 39.8.5: Ensure `texture.release()` is called promptly after the texture has been consumed, before the texture object becomes unreachable. Versions prior to 40.8.5: Ensure `texture.release()` is called promptly after the texture has been consumed, before the texture object becomes unreachable. Versions prior to 41.1.0: Ensure `texture.release()` is called promptly after the texture has been consumed, before the texture object becomes unreachable. Versions prior to 42.0.0-alpha.5: Ensure `texture.release()` is called promptly after the texture has been consumed, before the texture object becomes unreachable.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Insufficient validation of untrusted input in Downloads in Google Chrome on Windows allowed a remote attacker to bypass download restrictions via a crafted HTML page. The security severity is Medium. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.55 **Description** A flaw exists in the Media component of Google Chrome on Android. This issue involves synchronization errors when using a shared resource. Successful exploitation could allow a remote attacker who has compromised the renderer process to corrupt media stream metadata via a crafted HTML page. **Recommendations** Update Google Chrome to version 147.0.7727.55 or later.