Andres Blanco

Name of the Vulnerable Software and Affected Versions: FOSCAM IP Camera FI8620 (affected versions not specified) Description: An issue exists due to insufficient access restrictions in the `/tmpfs/` and `/log/` directories, which could let a malicious user obtain sensitive information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Android versions prior to 5.0.1 Android versions prior to 5.0.2 Android 4.4.4 Android 4.2.2 Android 4.1.2 Description: The issue allows remote attackers to cause a denial of service, resulting in a device reboot, via a crafted 802.11 probe response frame. This is due to improper exception handling in WiFiMonitor. Recommendations: For Android 4.4.4, update to a version newer than 5.0.1 to resolve the issue. For Android 4.2.2, update to a version newer than 5.0.1 to resolve the issue. For Android 4.1.2, update to a version newer than 5.0.1 to resolve the issue. For versions prior to 5.0.1 and 5.0.2, update to version 5.0.1 or newer to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti UBNT AirCam with airVision firmware versions prior to 1.1.6 **Description** The issue is related to a buffer overflow in the ubnt-streamer RTSP service. This occurs when a long rtsp: URI is sent in a DESCRIBE request, allowing remote attackers to execute arbitrary code. **Recommendations** For versions prior to 1.1.6, update the airVision firmware to version 1.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the RTSP service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Broadcom BCM4325 and BCM4329 Wi-Fi chips (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and Wi-Fi outage, via an RSN 802.11i information element. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Comodo Firewall Pro versions prior to 3.0 **Description** The issue arises from improper validation of certain parameters to hooked System Service Descriptor Table (SSDT) functions. This can be exploited by local users to cause a denial of service, resulting in a system crash. The exploitation vectors include a crafted `OBJECT ATTRIBUTES` structure in a call to the `NtDeleteFile` function, leading to improper validation of a `ZwQueryObject` result, as well as unspecified calls to the `NtCreateFile` and `NtSetThreadContext` functions. **Recommendations** For Comodo Firewall Pro versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `NtDeleteFile`, `NtCreateFile`, and `NtSetThreadContext` functions to minimize the risk of exploitation. Additionally, avoid using crafted `OBJECT ATTRIBUTES` structures in calls to the `NtDeleteFile` function until the issue is resolved.