Luat Nguyen

**Name of the Vulnerable Software and Affected Versions** Kibana (affected versions not specified) **Description** A security issue was found in Kibana where it failed to validate a user-supplied path, allowing the loading of .pbf files. This could enable a malicious user to traverse the Kibana host and load internal files with the .pbf extension. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 63.0.3239.84 Opera (affected versions not specified) **Description** The issue allows a remote attacker to potentially exploit heap corruption via a crafted PDF file. This is due to a use after free in PDFium. **Recommendations** For Google Chrome versions prior to 63.0.3239.84, update to version 63.0.3239.84 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 63.0.3239.84 Opera (affected versions not specified) **Description** The issue allows a remote attacker to potentially exploit heap corruption via a crafted PDF file. This is due to a use after free in PDFium. **Recommendations** For Google Chrome versions prior to 63.0.3239.84, update to version 63.0.3239.84 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 62.0.3202.62 Opera versions prior to 62.0.3202.62 **Description** A use after free in PDFium allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. **Recommendations** For Google Chrome versions prior to 62.0.3202.62, update to version 62.0.3202.62 or later. For Opera versions prior to 62.0.3202.62, update to a version that includes the fix for this issue, as the exact version is not specified.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 62.0.3202.62 Opera (affected versions not specified) **Description** The issue is related to a use after free in PDFium, which could allow a remote attacker to potentially exploit heap corruption via a crafted PDF file. **Recommendations** For Google Chrome versions prior to 62.0.3202.62, update to version 62.0.3202.62 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.