Daniel Rhea

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. **Recommendations** Update to iOS 18.7.9 Update to iOS 26.5 Update to iPadOS 18.7.9 Update to iPadOS 26.5 Update to macOS Tahoe 26.5 Update to tvOS 26.5 Update to visionOS 26.5 Update to watchOS 26.5

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash before authentication or cryptographic operations, resulting in a Denial of Service. The issue occurs when the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence, leading to a NULL pointer dereference if the field is missing. Applications and services calling CMS decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected. Recommendations Update to a version after 3.6. As a temporary workaround, avoid processing untrusted CMS EnvelopedData messages with KeyAgreeRecipientInfo.

**Name of the Vulnerable Software and Affected Versions** AsusSoftwareManagerAgent (affected versions not specified) **Description** An uncontrolled DLL loading path issue exists in AsusSoftwareManagerAgent. A local attacker may be able to influence the application to load a DLL from a location controlled by the attacker, potentially leading to arbitrary code execution. The vulnerability involves the application’s handling of DLL loading paths, allowing an attacker to specify a malicious DLL to be loaded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Display Driver (affected versions not specified) **Description** The NVIDIA Display Driver contains a flaw where an uncontrolled DLL loading path can be exploited. This could lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering. The issue involves the potential to hijack DLLs, allowing attackers to load malicious code with elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 102.0.5005.61 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in the File System API, allowing a remote attacker to bypass file system restrictions. This can be achieved via a crafted HTML page. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Google Chrome versions prior to 102.0.5005.61, update to version 102.0.5005.61 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.