Maher Azzouzi

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** A use after free issue in the GFX component allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 149.0.7827.53.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** A type confusion issue exists in ANGLE, which could allow a remote attacker to potentially exploit heap corruption through the use of a crafted HTML page. Type confusion occurs when a program accesses a resource using a type that is different from the type it was originally allocated with. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** A use after free issue in Cast allows an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. Use after free is a condition where a program continues to use a pointer after it has been freed, which can lead to memory corruption. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. **Recommendations** Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update tvOS to version 26.5. Update visionOS to version 26.5. Update watchOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.16 **Description** The issue is related to errors in processing input data in the Core component of Oracle VM VirtualBox, allowing a low-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox. This vulnerability applies to Linux hosts only. **Recommendations** For versions prior to 7.0.16, update to version 7.0.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LXC (affected versions not specified) **Description** The issue is related to a component of the LXC virtualization system, specifically lxc-user-nic, and involves information disclosure due to inconsistency. Exploitation of this issue could allow an attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amanda version 3.5.1 **Description** An information leak issue was discovered in the calcsize SUID binary, allowing an attacker to determine if a directory exists anywhere in the file system. The binary uses the `opendir()` function as root without path validation, enabling an attacker to provide an arbitrary path. **Recommendations** For Amanda version 3.5.1, consider restricting access to the calcsize SUID binary until a patch is available, or apply configuration changes to limit the binary's ability to access arbitrary paths. As a temporary workaround, consider disabling the use of the `opendir()` function in the calcsize binary to minimize the risk of exploitation.