0Vercl0K

**Name of the Vulnerable Software and Affected Versions** Unified Automation UaGateway (affected versions not specified) **Description** This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this issue. The specific flaw exists within the `ImportCsv` method, where a crafted XML payload can cause a null pointer dereference, allowing an attacker to leverage this issue to create a denial-of-service condition on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Unified Automation UaGateway (affected versions not specified) **Description** This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. The flaw exists within the implementation of the AddServer method, where specifying crafted arguments can cause invalid characters to be inserted into an XML configuration file, leading to a persistent denial-of-service condition. Authentication is required to exploit this vulnerability when the product is in its default configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unified Automation UaGateway (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. The specific flaw exists within the handling of NodeManagerOpcUa objects, resulting from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Authentication is required to exploit this vulnerability when the product is in its default configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** TP-Link AC1750 versões anteriores à 1.1.4 Build 20211022 rel.59103(5553) **Descrição** Esta vulnerabilidade permite que invasores na mesma rede executem código arbitrário em instalações afetadas dos roteadores TP-Link AC1750. Não é necessária autenticação para explorar esta vulnerabilidade. A falha específica existe no módulo `NetUSB.ko`, resultante da falta de validação adequada dos dados fornecidos pelo usuário, o que pode resultar em um estouro de inteiro antes da alocação de um buffer. Um invasor pode aproveitar esta vulnerabilidade para executar código no contexto de root. **Recomendações** Para versões anteriores à 1.1.4 Build 20211022 rel.59103(5553), considere atualizar para uma versão que inclua a correção para esta vulnerabilidade. Como solução temporária, considere desativar o módulo `NetUSB.ko` até que um patch esteja disponível. Restrinja o acesso ao roteador para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Versões do Thunderbird anteriores à 91.8 Versões do Firefox anteriores à 99 Versões do Firefox ESR anteriores à 91.8 **Descrição** O problema está relacionado a um erro de limite ao lidar com um número inesperado de extensões WebAuthN em um comando Register. Isso pode levar a uma gravação fora dos limites, resultando em corrupção de memória e uma falha potencialmente explorável. Um invasor poderia explorar isso criando uma página da Web especialmente criada, induzindo a vítima a abri-la e, em seguida, realizando uma gravação fora dos limites para executar código arbitrário no sistema. **Recomendações** Para versões do Thunderbird anteriores à 91.8, atualize para a versão 91.8 ou posterior. Para versões do Firefox anteriores à 99, atualize para a versão 99 ou posterior. Para versões do Firefox ESR anteriores à 91.8, atualize para a versão 91.8 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** A denial of service issue exists due to improper handling of objects in memory. This allows attackers to affect the system. **Recommendations** For Windows 7, apply the necessary patch to resolve the issue. For Windows Server 2012 R2, apply the necessary patch to resolve the issue. For Windows RT 8.1, apply the necessary patch to resolve the issue. For Windows Server 2008, apply the necessary patch to resolve the issue. For Windows Server 2012, apply the necessary patch to resolve the issue. For Windows 8.1, apply the necessary patch to resolve the issue. For Windows Server 2016, apply the necessary patch to resolve the issue. For Windows Server 2008 R2, apply the necessary patch to resolve the issue. For Windows 10, apply the necessary patch to resolve the issue. For Windows 10 Servers, apply the necessary patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe versions in Microsoft Windows Server 2008 SP2 and R2 SP1 Windows Uniscribe versions in Windows 7 SP1 Office versions 2007 SP3 and 2010 SP2 Word Viewer Office for Mac versions 2011 and 2016 Skype for Business version 2016 Lync versions 2013 SP1, 2010 Lync 2010 Attendee Live Meeting 2007 Add-in and Console **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code via a specially crafted website, document, or email attachment. This could enable the attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights. **Recommendations** For Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version that contains a fix for this issue. For Windows Uniscribe in Windows 7 SP1, update to a newer version that contains a fix for this issue. For Office versions 2007 SP3 and 2010 SP2, update to a newer version that contains a fix for this issue. For Word Viewer, update to a newer version that contains a fix for this issue. For Office for Mac versions 2011 and 2016, update to a newer version that contains a fix for this issue. For Skype for Business version 2016, update to a newer version that contains a fix for this issue. For Lync versions 2013 SP1, 2010, and Lync 2010 Attendee, update to a newer version that contains a fix for this issue. For Live Meeting 2007 Add-in and Console, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to specially crafted websites, documents, or email attachments until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an information disclosure problem. It occurs when the Windows GDI component improperly discloses the contents of its memory. This could allow an attacker to obtain sensitive information, potentially further compromising the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 Gold, 1511, 1607 Windows Server 2016 Microsoft Office 2007 SP3 Microsoft Office 2010 SP2 Microsoft Office Word Viewer Microsoft Lync 2013 SP1 Skype for Business 2016 Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows Microsoft Silverlight 5 when installed on Microsoft Windows **Description** The issue is related to the way Windows Uniscribe handles objects in memory, allowing a remote code execution. This could enable an attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Windows Server 2008 SP2 and R2 SP1, consider applying security updates to address the issue. For Windows 7 SP1, apply the latest security patches to mitigate the risk. For Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016, ensure all latest updates are installed. For Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, and Skype for Business 2016, apply the latest security updates. For Microsoft Silverlight 5 Developer Runtime and Microsoft Silverlight 5, ensure you have the latest version installed and consider disabling unnecessary features until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an information disclosure problem in the Windows GDI component, where it improperly discloses the contents of its memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. The vulnerability enables attackers to obtain sensitive information and potentially affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe (affected versions not specified) **Description** The issue is related to an information disclosure problem where Windows Uniscribe improperly discloses the contents of its memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. The vulnerability enables attackers to obtain sensitive information and potentially affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe (affected versions not specified) **Description** The issue allows attackers to obtain sensitive information and affect the system. It is an information disclosure vulnerability that exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the issue could obtain information to further compromise the user’s system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe (affected versions not specified) **Description** The issue allows attackers to obtain sensitive information and affect the system. It is an information disclosure vulnerability that exists when Windows Uniscribe improperly discloses the contents of its memory, potentially allowing an attacker to obtain information to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** The issue arises from the improper handling of window broadcast messages by the Windows kernel, allowing local users to gain privileges via a crafted application. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.