Aapo Oksman

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX5500 (affected versions not specified) **Description** This issue allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this issue. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this issue to execute code in the context of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Email versions prior to 6.1.82.0 **Description** The issue allows a remote attacker to intercept network traffic, including sensitive information, due to improper certificate validation. **Recommendations** For versions prior to 6.1.82.0, update to version 6.1.82.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Python versions prior to 3.8.18 Python versions 3.9.x prior to 3.9.18 Python versions 3.10.x prior to 3.10.13 Python versions 3.11.x prior to 3.11.5 **Description** An issue was discovered in Python that primarily affects servers using TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. The vulnerability affects servers, such as HTTP servers, that use TLS client authentication. It does not affect client-side HTTPS connections. **Recommendations** Update to Python version 3.8.18 or later for Python 3.8.x Update to Python version 3.9.18 or later for Python 3.9.x Update to Python version 3.10.13 or later for Python 3.10.x Update to Python version 3.11.5 or later for Python 3.11.x As a temporary workaround, consider restricting access to the `ssl.SSLSocket` class until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows Enroll Engine (affected versions not specified) **Description** The issue is related to errors in security settings of the Windows Enroll Engine component in Windows operating systems. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a security feature bypass that can be exploited by a remote attacker to circumvent existing security restrictions. It is associated with weaknesses in the authentication procedure of Windows operating systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.5 iPadOS versions prior to 14.5 Description: A certificate validation issue was addressed, which could allow an attacker in a privileged network position to alter network traffic. Recommendations: For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Intune Management Extension (affected versions not specified) **Description** The issue is related to privilege management errors in the Intune management extension for Windows operating systems. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure SDK for C (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in the Azure SDK for C, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.