Andrew Griffiths

**Name of the Vulnerable Software and Affected Versions** NLnet Labs Unbound versions 1.6.2 through 1.25.0 **Description** A denial of service issue exists when the software is compiled with DNSCrypt support using the `--enable-dnscrypt` flag. A specially crafted DNSCrypt query, where the decrypted plaintext consists entirely of `0x00` bytes and lacks the expected `0x80` marker, can cause an underflow in the DNSCrypt packet reading procedure. This may lead to a heap overflow—a condition where data exceeds the boundary of a memory block allocated on the heap—potentially resulting in a crash. The likelihood of a crash depends on the underlying memory allocator and memory layout. **Recommendations** Update to version 1.25.1.

**Name of the Vulnerable Software and Affected Versions** SICUNET Access Controller version 0.32-05z **Description** A critical issue has been found, affecting an unknown functionality. The manipulation of the argument `c` leads to privilege escalation. This issue can be exploited remotely. **Recommendations** For SICUNET Access Controller version 0.32-05z, consider restricting access to the argument `c` to prevent privilege escalation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SICUNET Access Controller version 0.32-05z **Description** A critical issue was found in the software, affecting some unknown functionality of the file card scan decoder.php. The manipulation of the `No/door` argument leads to privilege escalation. The attack can be launched remotely. **Recommendations** For SICUNET Access Controller version 0.32-05z, consider restricting access to the card scan decoder.php file and limiting the manipulation of the `No/door` argument to prevent privilege escalation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SICUNET Access Controller version 0.32-05z **Description** A very critical issue has been identified, affecting an unknown part of the system. The manipulation leads to weak authentication, and it is possible to initiate the attack remotely. **Recommendations** For SICUNET Access Controller version 0.32-05z, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SICUNET Access Controller version 0.32-05z **Description** A vulnerability was found in the Password Storage component, leading to weak encryption. The manipulation requires a local attack. **Recommendations** For SICUNET Access Controller version 0.32-05z, consider updating the password storage mechanism to use stronger encryption algorithms to mitigate the risk of weak encryption. As a temporary workaround, restrict local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qemu versions 0.14.0 and earlier **Description** The issue arises from the change process uid function in os-posix.c, which fails to properly drop group privileges when the -runas option is used. This allows local guest users to access restricted files on the host. **Recommendations** For Qemu versions 0.14.0 and earlier, consider restricting access to sensitive files on the host until a fixed version is available. As a temporary workaround, avoid using the -runas option to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions 3.6 through 3.7.1 **Description** The issue allows remote attackers to cause a denial of service, specifically CPU consumption, via a certain malformed ISAKMP packet to UDP port 500, which causes the software to enter an infinite loop. Multiple vulnerabilities in the tcpdump package may lead to disruption of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For tcpdump versions 3.6 through 3.7.1, consider disabling the `isakmp sub print` function as a temporary workaround until a patch is available. Restrict access to UDP port 500 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.