Thomas Pollet

**Name of the Vulnerable Software and Affected Versions** Hummingbird Xweb ActiveX Control versions 13.0 and earlier **Description** The issue is related to a stack-based buffer overflow in the Hummingbird.XWebHostCtrl.1 ActiveX control, specifically in the hclxweb.dll file. This occurs when a long `PlainTextPassword` property is provided, potentially allowing remote attackers to execute arbitrary code. It is noted that code execution might not be possible in version 13.0. **Recommendations** For Hummingbird Xweb ActiveX Control versions 13.0 and earlier, consider disabling the `PlainTextPassword` property as a temporary workaround until a patch is available. Restrict access to the hclxweb.dll file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ClamAV version 0.92.1 **Description** The issue is related to a heap-based buffer overflow in the pe.c file of libclamav. This can be exploited by remote attackers through a crafted WWPack compressed PE binary, potentially allowing them to execute arbitrary code. **Recommendations** For ClamAV version 0.92.1, update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Open-Xchange versions 0.8.1-6 and earlier Description: The issue concerns a cross-site scripting (XSS) vulnerability in the webmail component of Open-Xchange, specifically when the "Inline HTML" feature is enabled. This allows remote attackers to inject arbitrary web script or HTML via email attachments that are rendered inline. Recommendations: For Open-Xchange versions 0.8.1-6 and earlier, consider disabling the "Inline HTML" feature to prevent the rendering of email attachments inline until a fix is available.

**Name of the Vulnerable Software and Affected Versions** openSUSE dazuko-kmp-debug (affected versions not specified) openSUSE kvm-kmp-trace (affected versions not specified) openSUSE ofed-kmp-debug (affected versions not specified) openSUSE aufs-kmp-debug (affected versions not specified) openSUSE kqemu-kmp-debug (affected versions not specified) openSUSE drbd-kmp-debug (affected versions not specified) openSUSE ofed-kmp-trace (affected versions not specified) openSUSE iscsitarget-kmp-trace (affected versions not specified) openSUSE pcfclock-kmp-trace (affected versions not specified) openSUSE intel-iamt-heci-kmp-debug (affected versions not specified) openSUSE kqemu-kmp-trace (affected versions not specified) openSUSE dazuko-kmp-trace (affected versions not specified) openSUSE drbd-kmp-trace (affected versions not specified) openSUSE iscsitarget-kmp-debug (affected versions not specified) openSUSE pcfclock-kmp-debug (affected versions not specified) openSUSE aufs-kmp-trace (affected versions not specified) openSUSE intel-iamt-heci-kmp-trace (affected versions not specified) Linux kernel versions prior to 2.6.30-rc1 **Description** The issue involves multiple vulnerabilities in various packages of the openSUSE operating system, which can lead to a disruption of protected information. These vulnerabilities can be exploited remotely. In the Linux kernel, an integer overflow in the `rose sendmsg` function might allow remote attackers to obtain sensitive information via a large length value. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.