Han Myung-Wook

**Name of the Vulnerable Software and Affected Versions** Yettiesoft VestCert versions 2.36 to 2.5.29 **Description** A vulnerability exists in Yettiesoft VestCert due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution. **Recommendations** For Yettiesoft VestCert versions 2.36 to 2.5.29, consider disabling the loading of third-party modules until a patch is available to prevent remote code execution. Restrict access to the module loading functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DreamSecurity MagicLine4NX versions 1.0.0.1 through 1.0.0.26 **Description** The issue is related to a buffer overflow vulnerability. This vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information and potentially conduct a "Watering Hole" attack. The vulnerability allows an attacker to remotely execute code. There have been reports of a North Korean government-sponsored hacking group exploiting this vulnerability to install malware. **Recommendations** For DreamSecurity MagicLine4NX versions 1.0.0.1 through 1.0.0.26, update to a version that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.