Logan Stratton

**Nome do software vulnerável e versões afetadas** Versões do Firefox anteriores à 125 Versões do Firefox ESR anteriores à 115.10 Versões do Thunderbird anteriores à 115.10 **Descrição** O problema está relacionado à função `GetBoundName`, que poderia retornar a versão incorreta de um objeto quando otimizações JIT eram aplicadas. Isso poderia permitir que um invasor remoto executasse código arbitrário. O número estimado de dispositivos potencialmente afetados em todo o mundo não foi especificado. **Recomendações** Para versões do Firefox anteriores à 125, atualize para a versão 125 ou posterior. Para versões do Firefox ESR anteriores à 115.10, atualize para a versão 115.10 ou posterior. Para versões do Thunderbird anteriores à 115.10, atualize para a versão 115.10 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the `uh get postdata withupload()` function of the HTTP server in Actiontec WCB6200Q Wi-Fi range extenders. This allows a remote attacker to execute arbitrary code on affected installations without requiring authentication. The flaw exists due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. The specific flaw exists within the HTTP server, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Authentication is not required to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the `uh tcp recv header()` function of the HTTP server in the Actiontec WCB6200Q Wi-Fi range extender microprogram. This vulnerability is caused by the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. The vulnerability can be exploited remotely by network-adjacent attackers without requiring authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the `uh tcp recv content()` function of the HTTP server in the Actiontec WCB6200Q Wi-Fi range extender's firmware. This vulnerability is caused by the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can exploit this vulnerability to execute arbitrary code on affected installations of Actiontec WCB6200Q routers without requiring authentication. The vulnerability exists within the HTTP server and can be leveraged by an attacker to execute code in the context of the HTTP server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. The flaw exists within the HTTP server, where a crafted Cookie header in an HTTP request can trigger the use of a format specifier from a user-supplied string. An attacker can leverage this to execute code in the context of the HTTP server. Authentication is not required to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware vCloud Director for Service Providers versions 9.5.x prior to 9.5.0.3 **Description** The issue is related to incorrect session management in the vCloud Director platform, which may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged-in session. Successful exploitation of this issue can enable a remote attacker to hijack remote sessions. **Recommendations** For versions 9.5.x prior to 9.5.0.3, update to version 9.5.0.3 to resolve the issue.