Pawel Wylecial

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 26 macOS Tahoe versions prior to 26 iOS versions prior to 26 iPadOS versions prior to 26 **Description** A use-after-free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to an unexpected Safari crash. **Recommendations** Update Safari to version 26 or later. Update macOS Tahoe to version 26 or later. Update iOS to version 26 or later. Update iPadOS to version 26 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 81.0.4044.122 Firefox (affected versions not specified) Firefox ESR (affected versions not specified) Thunderbird (affected versions not specified) **Description** The issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This is due to a use after free in ANGLE in Google Chrome. **Recommendations** For Google Chrome versions prior to 81.0.4044.122, update to version 81.0.4044.122 or later. For Firefox, Firefox ESR, and Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 77.0.3865.75 **Description** A use-after-free issue in the accessibility feature of Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. **Recommendations** For versions prior to 77.0.3865.75, update to version 77.0.3865.75 or later to resolve the issue.

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.4 **Description** The issue allows local users to gain privileges or cause a denial of service due to memory corruption via unspecified Thunderbolt commands. **Recommendations** For versions prior to 10.10.4, update to version 10.10.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X (affected versions not specified) **Description** The issue is related to a memory corruption remote code execution vulnerability in the DFont FOND of Apple OS X. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple OS X (affected versions not specified) **Description** The issue is related to a memory corruption remote code execution problem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cogent DataHub versions prior to 7.3.5 **Description** The issue is related to a heap-based buffer overflow in the Web Server component. This can be exploited by remote attackers to execute arbitrary code. The exploitation is possible via a negative value in the `Content-Length` field in a request. **Recommendations** For versions prior to 7.3.5, update to version 7.3.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows Server 2012 Gold and R2 **Description** A denial of service issue exists in the Windows operating system related to the processing of iSCSI packets. Successful exploitation of this issue could allow an attacker to cause a service outage. This can be achieved by sending many crafted packets to the iSCSI service. **Recommendations** For Microsoft Windows Server 2008 SP2 and R2 SP1, consider restricting access to the iSCSI service to minimize the risk of exploitation. For Microsoft Windows Server 2012 Gold and R2, consider implementing network traffic filtering to limit the impact of crafted packets on the iSCSI service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows Server 2012 Gold **Description** The issue is related to errors in processing iSCSI connections, which can be exploited to cause a denial of service. This can be achieved by sending many crafted packets, resulting in an iSCSI service outage. **Recommendations** For Microsoft Windows Server 2008 SP2, update the iSCSI service to prevent denial of service attacks. For Microsoft Windows Server 2008 R2 SP1, restrict access to the iSCSI target service until a patch is available. For Microsoft Windows Server 2012 Gold, consider disabling the iSCSI target service as a temporary workaround until a fix is provided.