Joseph Sheridan

**Nome do software vulnerável e versões afetadas** Safend Data Protector Agent versão 3.4.5586.9772 **Descrição** Existe uma vulnerabilidade de escalonamento de privilégios no serviço SDBagent, que poderia permitir que um usuário mal-intencionado local obtivesse privilégios. **Recomendações** Para a versão 3.4.5586.9772, no momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Nome do software vulnerável e versões afetadas** Safend Data Protector Agent versão 3.4.5586.9772 **Descrição** Existe uma vulnerabilidade de escalonamento de privilégios no binário de serviço não entre aspas no SDPAgent ou SDBAgent, o que poderia permitir que um usuário mal-intencionado local obtivesse privilégios. **Recomendações** Para o Safend Data Protector Agent versão 3.4.5586.9772, atualize para uma versão que coloque o binário de serviço do SDPAgent ou SDBAgent entre aspas para impedir a escalada de privilégios.

**Name of the Vulnerable Software and Affected Versions** Group-Office community versions prior to 4.0.90 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `sort` parameter in the modules/calendar/json.php file. **Recommendations** For versions prior to 4.0.90, update to version 4.0.90 or later to resolve the issue. As a temporary workaround, consider restricting access to the modules/calendar/json.php file or avoiding the use of the `sort` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** RealPlayer version 15.0.5.109 **Description** The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved through a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature. **Recommendations** For RealPlayer version 15.0.5.109, consider disabling the Watch Folders feature as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** XnView versions 1.99 through 1.99.1 **Description** The issue is related to a heap-based buffer overflow in the xjpegls.dll format plugin, which handles JLS (JPEG-LS or JPEG lossless) images. This allows remote attackers to execute arbitrary code via a crafted JLS image file. **Recommendations** For XnView versions 1.99 through 1.99.1, consider disabling the xjpegls.dll plugin to prevent exploitation until a patch is available. Restrict access to handling JLS image files in XnView to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GIMP versions 2.6.12 and earlier **Description** The issue is related to a buffer overflow in the readstr upto function, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a long string in a command to the script-fu server. **Recommendations** For GIMP versions 2.6.12 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.