Alexjplaskett

**Name of the Vulnerable Software and Affected Versions** Pioneer DMH-WT7600NEX (affected versions not specified) **Description** This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. No authentication is required to exploit this issue. The specific flaw exists within the telematics functionality, which operates over HTTPS. The problem results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this, in conjunction with other vulnerabilities, to execute arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Pioneer DMH-WT7600NEX (affected versions not specified) **Description** This issue allows network-adjacent attackers to create arbitrary files on affected installations. Although authentication is required to exploit this, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality and results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alpine Halo9 (affected versions not specified) **Description** This issue allows physically present attackers to bypass the signature validation mechanism on affected installations of Alpine Halo9 devices. No authentication is required to exploit this issue. The flaw exists within the firmware metadata signature validation mechanism due to the lack of proper verification of a cryptographic signature. An attacker can leverage this, potentially in conjunction with other issues, to execute arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Alpine Halo9 (affected versions not specified) **Description** This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The specific flaw exists within the `UPDM wemCmdUpdFSpeDecomp` function, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 (affected versions not specified) Description: The issue is related to improper input validation and a missing authentication procedure, allowing an unauthenticated remote attacker to modify configurations. This can lead to remote code execution, gaining root rights, or performing a Denial of Service (DoS). The vulnerability is associated with the CharxSystemConfigManager service of the Phoenix Contact CHARX SEC-3100 modular charging controllers. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.0.1 tvOS versions prior to 14.0 macOS Big Sur versions prior to 11.1 macOS Catalina versions prior to Security Update 2020-001 macOS Mojave versions prior to Security Update 2020-007 watchOS versions prior to 7.0 iOS versions prior to 14.0 iPadOS versions prior to 14.0 **Description** Multiple memory corruption issues were addressed with improved input validation. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. **Recommendations** For macOS versions prior to 11.0.1, update to macOS Big Sur 11.0.1 or later. For tvOS versions prior to 14.0, update to tvOS 14.0 or later. For macOS Big Sur versions prior to 11.1, update to macOS Big Sur 11.1 or later. For macOS Catalina versions prior to Security Update 2020-001, apply Security Update 2020-001 or later. For macOS Mojave versions prior to Security Update 2020-007, apply Security Update 2020-007 or later. For watchOS versions prior to 7.0, update to watchOS 7.0 or later. For iOS versions prior to 14.0, update to iOS 14.0 or later. For iPadOS versions prior to 14.0, update to iPadOS 14.0 or later.