Daniel Shapira

**Nome do software vulnerável e versões afetadas** Versões do Jfrog Artifactory anteriores à 6.17.0 **Descrição** O problema está relacionado ao fato de o Jfrog Artifactory utilizar senhas padrão, como `password`, para contas administrativas e não exigir que os usuários as alterem. Isso pode permitir que invasores não autorizados, por meio da rede, comprometam totalmente o Jfrog Artifactory. **Recomendações** Para versões do Jfrog Artifactory anteriores à 6.17.0, atualize para a versão 6.17.0 ou posterior para resolver o problema. Como solução temporária, considere alterar as senhas padrão das contas administrativas para senhas fortes e exclusivas. Restrinja o acesso às contas administrativas para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** Qemu emulator version 3.0.0 and earlier **Description** The issue is related to an integer overflow that could lead to a buffer overflow problem. This occurs when receiving packets over the network, specifically with the NE2000 NIC emulation support. A user inside the guest could exploit this flaw to crash the Qemu process, resulting in a denial of service (DoS). **Recommendations** For Qemu emulator version 3.0.0 and earlier, consider disabling the NE2000 NIC emulation support as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qemu (affected versions not specified) **Description** The issue allows attackers to cause a denial of service or possibly have unspecified other impact due to `qemu deliver packet iov` in `net/net.c` accepting packet sizes greater than `INT MAX`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified) Description: The issue is related to an integer overflow in the `rtl8139 do receive` function of the QEMU hardware emulator. This can lead to a buffer overflow. The vulnerability may allow a remote attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.16.13 **Description** The issue is related to the sr do ioctl function in the Linux kernel, which allows local users to cause a denial of service or possibly have other unspecified impacts due to a stack-based buffer overflow. This occurs because sense buffers have different sizes at the CDROM layer and the SCSI layer. An example of exploitation is through a CDROMREADMODE2 ioctl call. **Recommendations** For Linux kernel versions prior to 4.16.13, update to version 4.16.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the sr do ioctl function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** memcached versions prior to 1.4.39 **Description** The issue is related to the try read command function in memcached.c, which allows remote attackers to cause a denial of service (segmentation fault) via a request to add or set a key. This is due to a comparison between signed and unsigned int, triggering a heap-based buffer over-read. The vulnerability exists because of an incomplete fix for a previous issue. **Recommendations** For versions prior to 1.4.39, update to version 1.4.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the try read command function until a patch is available.