Gionathan Armando Reale

**Nome do software vulnerável e versões afetadas** Texas Instruments Fusion Digital Power Designer versão 7.10.1 **Descrição** A vulnerabilidade permite que um invasor local obtenha informações confidenciais devido ao armazenamento de credenciais em texto simples. Isso ocorre porque as credenciais não estão suficientemente protegidas no software. **Recomendações** Para o Texas Instruments Fusion Digital Power Designer versão 7.10.1, considere atualizar para uma versão mais recente que corrija o problema do armazenamento de credenciais em texto simples. Como solução temporária, restrinja o acesso às informações confidenciais armazenadas pelo software para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** TrevorC2 versions 1.1 through 1.2 **Description** The issue arises from a discrepancy in response headers when responding to different HTTP methods. Additionally, predictable responses occur when accessing and interacting with the `SITE PATH QUERY`. This allows for potential fingerprinting. **Recommendations** For TrevorC2 versions 1.1 through 1.2, as a temporary workaround, consider restricting access to the `SITE PATH QUERY` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KEYNTO Team Password Manager version 1.5.0 **Description** The issue arises from mishandled data saved from websites in the online vault, leading to a Cross Site Scripting (XSS) problem. **Recommendations** For KEYNTO Team Password Manager version 1.5.0, consider disabling the online vault feature until a patch is available to prevent potential XSS exploitation.

**Name of the Vulnerable Software and Affected Versions** Matomo version 3.9.1 **Description** A full path disclosure issue was discovered, allowing a user to trigger an error and discover the full path of Matomo on the disk. This occurs because `lastError.file` is used in `plugins/CorePluginsAdmin/templates/safemode.twig`. The vendor disputes the significance of this issue. **Recommendations** For Matomo version 3.9.1, consider modifying the `safemode.twig` template to avoid disclosing the full path when an error occurs, or restrict access to the `CorePluginsAdmin` plugin until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GAT-Ship Web Module versions prior to 1.31 **Description** The issue allows remote attackers to obtain potentially sensitive information. This is achieved via a request to the "ws/gatshipWs.asmx/SqlVersion" API endpoint. **Recommendations** For GAT-Ship Web Module versions prior to 1.31, consider restricting access to the "ws/gatshipWs.asmx/SqlVersion" API endpoint until a patch is available.