Zhibin Hu

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified) Description: The issue is related to the use of a shared resource with incorrect synchronization during file renaming in the QEMU hardware emulator, specifically in the `v9fs wstat` function. This can be exploited to cause a denial of service, resulting in a crash. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified) Description: The issue is related to the hw/9pfs/cofile.c and hw/9pfs/9p.c components in QEMU, where a race condition can occur, allowing a thread to modify an fid path while it is being accessed by another thread. This can lead to a use-after-free outcome, potentially causing a denial of service. The exploitation of this issue may allow an attacker to cause a service disruption. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.x before 4.7.3 **Description** The issue is related to a use-after-free vulnerability in the implementation of the SMB1 protocol in the Samba network interaction software package. This vulnerability can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability allows remote attackers to execute arbitrary code via a crafted SMB1 request, potentially giving them control over the contents of dynamic memory. **Recommendations** For Samba versions 4.x before 4.7.3, update to version 4.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMB1 protocol until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause memory errors and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue is related to improper access to objects in memory, which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the current user. This can be triggered by visiting a crafted web site. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, update to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to potentially malicious web sites to minimize the risk of triggering the memory corruption issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to remote code execution due to improper access to objects in memory. This could lead to memory corruption, allowing an attacker to execute arbitrary code in the context of the current user. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to memory handling errors, allowing an attacker to execute arbitrary code or cause a denial of service using a specially crafted website. This is due to improper access to objects in memory in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to a use-after-free error when working with the CGeneratedContent object, allowing remote attackers to execute arbitrary code through a specially crafted website. This could corrupt memory, enabling the execution of arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 9 through 10 **Description** The issue is related to memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is due to improper access to objects in memory, which could corrupt memory and enable an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 9 and 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer 11 (affected versions not specified) **Description** The issue is related to memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is due to improper access to objects in memory, which could corrupt memory and enable an attacker to execute arbitrary code in the context of the current user. The vulnerability is also associated with insufficient input validation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 10 through 11 **Description** The issue is related to a use-after-free error due to insufficient validation of user-input data when handling the DOM tree, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 10 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to a use-after-free error when accessing Undo ExecCommand, allowing remote attackers to execute arbitrary code or cause a denial of service by exploiting improper memory access. This could potentially corrupt memory, enabling an attacker to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.