Axel Souchet

**Name of the Vulnerable Software and Affected Versions** Unified Automation UaGateway (affected versions not specified) **Description** This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. The flaw exists within the implementation of the AddServer method, where specifying crafted arguments can cause invalid characters to be inserted into an XML configuration file, leading to a persistent denial-of-service condition. Authentication is required to exploit this vulnerability when the product is in its default configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unified Automation UaGateway (affected versions not specified) **Description** This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this issue. The specific flaw exists within the `ImportCsv` method, where a crafted XML payload can cause a null pointer dereference, allowing an attacker to leverage this issue to create a denial-of-service condition on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Unified Automation UaGateway (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. The specific flaw exists within the handling of NodeManagerOpcUa objects, resulting from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Authentication is required to exploit this vulnerability when the product is in its default configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link AC1750 versions prior to 1.1.4 Build 20211022 rel.59103(5553) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 routers. Authentication is not required to exploit this issue. The specific flaw exists within the `NetUSB.ko` module, resulting from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For versions prior to 1.1.4 Build 20211022 rel.59103(5553), consider updating to a version that includes the fix for this issue. As a temporary workaround, consider disabling the `NetUSB.ko` module until a patch is available. Restrict access to the router to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 91.8 Firefox versions prior to 99 Firefox ESR versions prior to 91.8 **Description** The issue is related to a boundary error when handling an unexpected number of WebAuthN Extensions in a Register command. This can lead to an out of bounds write, resulting in memory corruption and a potentially exploitable crash. An attacker could exploit this by creating a specially crafted web page, tricking the victim into opening it, and then performing an out of bounds write to execute arbitrary code in the system. **Recommendations** For Thunderbird versions prior to 91.8, update to version 91.8 or later. For Firefox versions prior to 99, update to version 99 or later. For Firefox ESR versions prior to 91.8, update to version 91.8 or later.

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** A denial of service issue exists due to improper handling of objects in memory. This allows attackers to affect the system. **Recommendations** For Windows 7, apply the necessary patch to resolve the issue. For Windows Server 2012 R2, apply the necessary patch to resolve the issue. For Windows RT 8.1, apply the necessary patch to resolve the issue. For Windows Server 2008, apply the necessary patch to resolve the issue. For Windows Server 2012, apply the necessary patch to resolve the issue. For Windows 8.1, apply the necessary patch to resolve the issue. For Windows Server 2016, apply the necessary patch to resolve the issue. For Windows Server 2008 R2, apply the necessary patch to resolve the issue. For Windows 10, apply the necessary patch to resolve the issue. For Windows 10 Servers, apply the necessary patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe versions in Microsoft Windows Server 2008 SP2 and R2 SP1 Windows Uniscribe versions in Windows 7 SP1 Office versions 2007 SP3 and 2010 SP2 Word Viewer Office for Mac versions 2011 and 2016 Skype for Business version 2016 Lync versions 2013 SP1, 2010 Lync 2010 Attendee Live Meeting 2007 Add-in and Console **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code via a specially crafted website, document, or email attachment. This could enable the attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights. **Recommendations** For Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version that contains a fix for this issue. For Windows Uniscribe in Windows 7 SP1, update to a newer version that contains a fix for this issue. For Office versions 2007 SP3 and 2010 SP2, update to a newer version that contains a fix for this issue. For Word Viewer, update to a newer version that contains a fix for this issue. For Office for Mac versions 2011 and 2016, update to a newer version that contains a fix for this issue. For Skype for Business version 2016, update to a newer version that contains a fix for this issue. For Lync versions 2013 SP1, 2010, and Lync 2010 Attendee, update to a newer version that contains a fix for this issue. For Live Meeting 2007 Add-in and Console, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to specially crafted websites, documents, or email attachments until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an information disclosure problem in the Windows GDI component, where it improperly discloses the contents of its memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. The vulnerability enables attackers to obtain sensitive information and potentially affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe (affected versions not specified) **Description** The issue is related to an information disclosure problem where Windows Uniscribe improperly discloses the contents of its memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. The vulnerability enables attackers to obtain sensitive information and potentially affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe (affected versions not specified) **Description** The issue allows attackers to obtain sensitive information and affect the system. It is an information disclosure vulnerability that exists when Windows Uniscribe improperly discloses the contents of its memory, potentially allowing an attacker to obtain information to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Uniscribe (affected versions not specified) **Description** The issue allows attackers to obtain sensitive information and affect the system. It is an information disclosure vulnerability that exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the issue could obtain information to further compromise the user’s system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 Gold, 1511, 1607 Windows Server 2016 Microsoft Office 2007 SP3 Microsoft Office 2010 SP2 Microsoft Office Word Viewer Microsoft Lync 2013 SP1 Skype for Business 2016 Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows Microsoft Silverlight 5 when installed on Microsoft Windows **Description** The issue is related to the way Windows Uniscribe handles objects in memory, allowing a remote code execution. This could enable an attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights. **Recommendations** For Windows Server 2008 SP2 and R2 SP1, consider applying security updates to address the issue. For Windows 7 SP1, apply the latest security patches to mitigate the risk. For Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016, ensure all latest updates are installed. For Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, and Skype for Business 2016, apply the latest security updates. For Microsoft Silverlight 5 Developer Runtime and Microsoft Silverlight 5, ensure you have the latest version installed and consider disabling unnecessary features until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an information disclosure problem. It occurs when the Windows GDI component improperly discloses the contents of its memory. This could allow an attacker to obtain sensitive information, potentially further compromising the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Hyper-V Network Switch component of the Windows operating system. This allows an attacker to bypass certificate validation. Remote attackers can execute arbitrary code, affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 Microsoft Windows 7 SP1 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows 10 Gold, 1511, and 1607 Microsoft Windows Server 2016 **Description** The issue allows guest OS users to execute arbitrary code on the host OS via a crafted application. This is due to insufficient input validation in the Hyper-V application. An attacker can exploit this issue to execute arbitrary code on the host OS using a specially crafted application. **Recommendations** For Microsoft Windows Vista SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 SP2 and R2, update to a newer version that contains a fix for this issue. For Microsoft Windows 7 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows 8.1, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2012 Gold and R2, update to a newer version that contains a fix for this issue. For Microsoft Windows 10 Gold, 1511, and 1607, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2016, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Hyper-V application until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibTIFF (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a JPEG file with a specific TIFFTAG JPEGTABLES length. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to an out-of-bounds write on tiled images with odd tile width versus image width. This can lead to a heap-buffer-overflow. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that addresses this issue, as the current version has a known problem with tiled images that can cause a heap-buffer-overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to an out-of-bounds read in the `readContigTilesIntoBuffer()` function. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue arises from a uint16 integer overflow in the readContigStripsIntoBuffer() function, located in tools/tiffcrop.c, causing the program to read an undefined buffer. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that addresses this issue, as the current version is affected by the integer overflow in the readContigStripsIntoBuffer() function.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to out-of-bounds write vulnerabilities in buffers within the tools/tiffcrop.c file of libtiff. **Recommendations** For libtiff version 4.0.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.