Johnathan Norman

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to a lack of protection for sensitive data in Microsoft Edge, which could allow a remote attacker to disclose protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 86.0.4240.99 **Description** The issue is related to a use after free in V8, which could allow a remote attacker to potentially exploit heap corruption. This can be achieved via a crafted HTML page. **Recommendations** For versions prior to 86.0.4240.99, update to version 86.0.4240.99 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to insufficient policy enforcement in navigation, allowing a remote attacker to bypass site isolation. This can be achieved via a crafted HTML page, potentially leading to unauthorized access to protected information and disruption of its integrity and availability. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** A remote code execution issue exists in the way the Chakra scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user, potentially gaining the same user rights as the current user. If the current user has administrative rights, an attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** A remote code execution issue exists in the way the Chakra scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user, potentially gaining the same user rights as the current user. If the current user has administrative rights, an attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the way the scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change or delete data, or create new accounts with full user rights. The exploitation can be done through specially crafted web page content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge versions in Microsoft Windows 10 1703 through 1709 Description: An information disclosure issue exists due to how Microsoft Edge handles objects in memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. The issue is related to improper handling of objects in memory by Microsoft Edge. Recommendations: For Microsoft Edge in Microsoft Windows 10 1703 and 1709, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the way the scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified) Description: An information disclosure issue exists due to the scripting engine's improper handling of objects in memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec pcAnywhere versions prior to 12.5.3 Altiris IT Management Suite pcAnywhere Solution versions 7.0 and 7.1 Altiris Client Management Suite pcAnywhere Solution versions 7.0 and 7.1 Altiris Deployment Solution Remote pcAnywhere Solution version 7.1 **Description** The issue allows remote attackers to cause a denial of service via a crafted TCP session on port 5631, resulting in a daemon crash. **Recommendations** For Symantec pcAnywhere versions prior to 12.5.3, update to version 12.5.3 or later to resolve the issue. For Altiris IT Management Suite pcAnywhere Solution versions 7.0 and 7.1, update to a version that is not based on Symantec pcAnywhere 12.5.3 or earlier. For Altiris Client Management Suite pcAnywhere Solution versions 7.0 and 7.1, update to a version that is not based on Symantec pcAnywhere 12.5.3 or earlier. For Altiris Deployment Solution Remote pcAnywhere Solution version 7.1, update to a version that is not based on Symantec pcAnywhere 12.5.3 or earlier.