Fluorescence

**Name of the Vulnerable Software and Affected Versions** Windows Graphics Component (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability that exists due to the improper handling of objects in memory by the Windows Graphics Component. This can be exploited by an attacker to elevate their privileges using a specially crafted application. The vulnerability may be triggered through insufficient input validation. There is also a mention of a use-after-free privilege escalation vulnerability in Microsoft Windows DirectComposition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Graphics Component (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability that exists due to the improper handling of objects in memory by the Windows Graphics Component. This can be exploited by an attacker to elevate their privileges, potentially using a specially crafted application. The vulnerability may be related to insufficient input validation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 5.4.7 through 5.4.28 Linux kernel versions 5.5.0 through 5.5.13 Linux kernel versions 5.6.0 through 5.6.0 **Description** The vulnerability is related to the bpf verifier in the Linux kernel, which did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. This issue affects the Linux 5.4 stable series and newer versions. The vulnerability can be exploited to escalate privileges, allowing an attacker to gain root access. A working exploit exists but has not been publicly released. The vulnerability is present in the eBPF subsystem, which allows running handlers for tracing, analyzing subsystems, and managing traffic within the kernel. **Recommendations** For Linux kernel versions 5.4.7 through 5.4.28, update to version 5.4.29 or later. For Linux kernel versions 5.5.0 through 5.5.13, update to version 5.5.14 or later. For Linux kernel versions 5.6.0 through 5.6.0, update to version 5.6.1 or later. As a temporary workaround, consider restricting access to the eBPF subsystem to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the "Windows Server" component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is due to a buffer overflow in memory. The exploitation of this issue may enable an attacker to execute arbitrary code with system privileges or cause a denial of service using a specially crafted application. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "Windows Server" component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Windows Server 2016 Windows 10 Windows 10 Servers **Description** An elevation of privilege issue exists due to the improper handling of objects in memory by the DirectX Graphics Kernel (DXGKRNL) driver. This allows attackers to affect the system. **Recommendations** For Windows Server 2016, update to a version that includes the fix for this issue. For Windows 10, update to a version that includes the fix for this issue. For Windows 10 Servers, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient access control in the Win32k component of Windows operating systems, which can be exploited to elevate privileges using a specially crafted application. This can allow an attacker to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2 macOS versions prior to 10.13.2 iCloud versions prior to 7.2 on Windows iTunes versions prior to 12.7.2 on Windows tvOS versions prior to 11.2 watchOS versions prior to 4.2 **Description** The issue involves the CFNetwork Session component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app, resulting in memory corruption. **Recommendations** For iOS versions prior to 11.2, update to version 11.2 or later. For macOS versions prior to 10.13.2, update to version 10.13.2 or later. For iCloud versions prior to 7.2 on Windows, update to version 7.2 or later. For iTunes versions prior to 12.7.2 on Windows, update to version 12.7.2 or later. For tvOS versions prior to 11.2, update to version 11.2 or later. For watchOS versions prior to 4.2, update to version 4.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2 Safari versions prior to 11.0.2 iCloud versions prior to 7.2 on Windows iTunes versions prior to 12.7.2 on Windows tvOS versions prior to 11.2 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 11.2, update to version 11.2 or later. For Safari versions prior to 11.0.2, update to version 11.0.2 or later. For iCloud versions prior to 7.2 on Windows, update to version 7.2 or later. For iTunes versions prior to 12.7.2 on Windows, update to version 12.7.2 or later. For tvOS versions prior to 11.2, update to version 11.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10.3.2 Apple Safari versions prior to 10.1.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later. For Safari versions prior to 10.1.1, update to version 10.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 Safari versions prior to 10.1.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For Safari versions prior to 10.1.1, update to version 10.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.5 **Description** The issue is related to the WindowServer component and involves an out-of-bounds access in memory, which can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted app. **Recommendations** For macOS versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WindowServer component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.5 **Description** The issue involves the `WindowServer` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is due to a buffer overflow in the `WindowServer` component, which can be exploited by a remote attacker to achieve privilege escalation. **Recommendations** For macOS versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `WindowServer` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.5 **Description** The issue involves the WindowServer component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.4 Apple Safari versions prior to 11.1 Apple iCloud versions prior to 7.5 on Windows Apple iTunes versions prior to 12.7.5 on Windows Apple tvOS versions prior to 11.4 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1, update to version 11.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later.