Pjf

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 15.1 Apple iPadOS versions prior to 15.1 Apple macOS versions prior to 12.0.1 Apple tvOS versions prior to 15.1 Apple watchOS versions prior to 8.1 Apple macOS Catalina versions prior to Security Update 2021-007 Apple macOS Big Sur versions prior to 11.6.1 **Description** An input validation issue was addressed with improved memory handling. Unpacking a maliciously crafted archive may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 15.1, update to iOS 15.1 or later. For iPadOS versions prior to 15.1, update to iPadOS 15.1 or later. For macOS Monterey versions prior to 12.0.1, update to macOS Monterey 12.0.1 or later. For tvOS versions prior to 15.1, update to tvOS 15.1 or later. For watchOS versions prior to 8.1, update to watchOS 8.1 or later. For macOS Catalina, apply Security Update 2021-007 or later. For macOS Big Sur versions prior to 11.6.1, update to macOS Big Sur 11.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** Windows Graphics Component (affected versions not specified) **Description** The issue is related to unsafe privilege management in the Windows Graphics Component, allowing an attacker to elevate their privileges. This can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insecure privilege management in the DirectX component of the Windows operating system. It allows an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows DirectX (affected versions not specified) Description: The issue is related to errors in processing objects in memory within the Windows DirectX component, allowing an attacker to gain unauthorized access to protected information. This can lead to the disclosure of sensitive information and potentially affect the system. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is related to insufficient access restrictions in the DirectX component of the Windows operating system. It allows an attacker to potentially elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon versions (affected versions not specified) **Description** A buffer overflow issue is present in the video application of Qualcomm Snapdragon due to the destination buffer size being lesser than the source buffer size. This issue affects various Snapdragon products, including Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables, in multiple chipsets such as Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, and SXR2130. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions (affected versions not specified) Description: The issue is related to register write via debugfs being disabled by default to prevent unauthorized register writing. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Voice & Music, in specific chipsets such as MDM9206, MDM9207C, MDM9607, Nicobar, QCS405, SA6155P, SC8180X, SDX55, and SM8150. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability that occurs when DirectX improperly handles objects in memory. This could allow an attacker to elevate their privileges using a specially crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in DirectX, which occurs due to improper handling of objects in memory. This could allow an attacker to elevate their privileges using a specially crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to errors in handling objects in memory by the DirectX component of the Windows operating system. It allows a remote attacker to potentially elevate their privileges using a specially crafted application. This can impact the system by allowing attackers to affect it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Graphics Components (affected versions not specified) **Description** An information disclosure issue exists in the way Microsoft Graphics Components handle objects in memory. This could allow an attacker to disclose protected information. The vulnerability is related to errors in processing objects in memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to errors in handling objects in memory by the DirectX component of the Windows operating system. It allows an attacker to potentially elevate their privileges using a specially crafted application. This can affect the system, enabling attackers to gain increased access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to improper handling of objects in memory by DirectX, which can lead to information disclosure. An attacker could exploit this by using a specially crafted application to reveal protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the `Graphics Drivers` component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** A vulnerability allows attackers to obtain sensitive information and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** A vulnerability allows attackers to obtain sensitive information and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to an information disclosure vulnerability in the Qualcomm video driver. It affects Android products. **Recommendations** For Android kernel, update to a version that includes the fix for the information disclosure vulnerability in the Qualcomm video driver.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to an information disclosure vulnerability in the Qualcomm SPMI driver. It affects the Android kernel. **Recommendations** For Android kernel, apply the fix referenced by Android ID A-33644474 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Windows Server 2008 R2 SP1 Windows 7 SP1 Windows 8.1 and RT 8.1 Windows Server 2012 and R2 Windows 10 versions 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 Description: The issue allows attackers to obtain sensitive information and affect the system due to how memory addresses are handled. Recommendations: For Windows Server 2008 R2 SP1, update to a newer version to mitigate the risk. For Windows 7 SP1, update to a newer version to mitigate the risk. For Windows 8.1 and RT 8.1, update to a newer version to mitigate the risk. For Windows Server 2012 and R2, update to a newer version to mitigate the risk. For Windows 10 versions 1511, 1607, 1703, and 1709, update to a newer version to mitigate the risk. For Windows Server 2016 and Windows Server, version 1709, update to a newer version to mitigate the risk.