Curmudgeonjericho

**Name of the Vulnerable Software and Affected Versions** Jura Internet Connection Kit for the Jura Impressa F90 coffee maker (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, which may result in physical damage, financial loss, or water damage. Attackers can also modify coffee settings and possibly execute code via a crafted request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Axis version 1.0 **Description** The issue allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file. This action reveals the installation path in the resulting exception message. **Recommendations** For Apache Axis version 1.0, consider restricting access to the WSDL files to minimize the risk of exploitation. As a temporary workaround, modify the error handling mechanism to avoid disclosing sensitive information, such as the installation path, in exception messages.

**Name of the Vulnerable Software and Affected Versions** Helm Web Hosting Control Panel versions 3.2.10 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `txtDomainName` parameter to "domains.asp", or the `SearchText` or `UserLevel` parameters to "default.asp". **Recommendations** For Helm Web Hosting Control Panel versions 3.2.10 and earlier, update to a version later than 3.2.10 to resolve the issue. As a temporary workaround, consider restricting access to the "domains.asp" and "default.asp" pages until a patch is available. Avoid using the `txtDomainName`, `SearchText`, and `UserLevel` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** IBM AIX version 5.3 **Description** The issue is related to an unspecified vulnerability in the mklvcopy component of BOS.RTE.LVM, which allows local users to execute arbitrary commands. This could be due to an untrusted search path vulnerability when mklvcopy calls external commands. **Recommendations** For IBM AIX version 5.3, consider restricting access to the mklvcopy component until a fix is available. As a temporary workaround, review and secure the search path used by mklvcopy to prevent the execution of unauthorized commands.