Brandonprry

#7602 of 53,622
36.1 Total CVSS
Vulnerabilities · 6
Medium: 4
High: 2
PT-2015-4276
7.5
2015-03-10
Solarwinds · Solarwinds Orion Platform · CVE-2014-9566
**Name of the Vulnerable Software and Affected Versions**

- Solarwinds Orion Platform version 2015.1
- Network Performance Monitor (NPM) versions prior to 11.5
- NetFlow Traffic Analyzer (NTA) versions prior to 4.1
- Network Configuration Manager (NCM) versions prior to 7.3.2
- IP Address Manager (IPAM) versions prior to 4.3
- User Device Tracker (UDT) versions prior to 3.2
- VoIP & Network Quality Manager (VNQM) versions prior to 4.2
- Server & Application Manager (SAM) versions prior to 6.2
- Web Performance Monitor (WPM) versions prior to 2.2

**Description**

The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `dir` or `sort` parameter to the "GetAccounts" or "GetAccountGroups" endpoint.

**Recommendations**

- For Solarwinds Orion Platform version 2015.1, update to a version later than 2015.1.
- For Network Performance Monitor (NPM) versions prior to 11.5, update to version 11.5 or later.
- For NetFlow Traffic Analyzer (NTA) versions prior to 4.1, update to version 4.1 or later.
- For Network Configuration Manager (NCM) versions prior to 7.3.2, update to version 7.3.2 or later.
- For IP Address Manager (IPAM) versions prior to 4.3, update to version 4.3 or later.
- For User Device Tracker (UDT) versions prior to 3.2, update to version 3.2 or later.
- For VoIP & Network Quality Manager (VNQM) versions prior to 4.2, update to version 4.2 or later.
- For Server & Application Manager (SAM) versions prior to 6.2, update to version 6.2 or later.
- For Web Performance Monitor (WPM) versions prior to 2.2, update to version 2.2 or later.

As a temporary workaround, consider restricting access to the "GetAccounts" and "GetAccountGroups" endpoints until a patch is available. Avoid using the `dir` and `sort` parameters in these endpoints until the issue is resolved.
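
An added example, not SolarWinds code: one way to handle `sort` and `dir` request parameters safely, assuming they select an ORDER BY column and direction. The table, column names and functions are hypothetical, and SQLite stands in for the real database.

```python
import sqlite3

# Hypothetical allow-lists: request value -> SQL identifier / keyword.
SORT_COLUMNS = {"AccountID": "AccountID", "Enabled": "Enabled", "LastLogin": "LastLogin"}
SORT_DIRECTIONS = {"ASC": "ASC", "DESC": "DESC"}


def build_order_by(sort, dir_):
    """Return an ORDER BY clause built only from allow-listed tokens.

    ORDER BY identifiers and ASC/DESC cannot be bound as query parameters,
    so the request values are used only as dictionary keys; the text that
    reaches SQL always comes from the constants above.
    """
    try:
        column = SORT_COLUMNS[sort]
        direction = SORT_DIRECTIONS[dir_.upper()]
    except (KeyError, AttributeError, TypeError):
        raise ValueError("unsupported sort or dir value") from None
    return f'ORDER BY "{column}" {direction}'


def get_accounts(conn, sort="AccountID", dir_="ASC", enabled=1):
    # Data values still go through bound parameters; only the validated
    # ORDER BY clause is spliced into the statement text.
    sql = "SELECT AccountID FROM Accounts WHERE Enabled = ? " + build_order_by(sort, dir_)
    return [row[0] for row in conn.execute(sql, (enabled,))]


def demo_connection():
    # Constructed sample data, not taken from any real product schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Accounts (AccountID TEXT, Enabled INTEGER, LastLogin TEXT)")
    conn.executemany("INSERT INTO Accounts VALUES (?, ?, ?)", [
        ("admin", 1, "2015-03-01"), ("guest", 0, "2015-01-15"), ("ops", 1, "2015-02-20")])
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(get_accounts(conn, "LastLogin", "desc"))  # valid request
    for bad in [("AccountID; --", "ASC"), ("AccountID", "ASC, 1")]:
        try:
            get_accounts(conn, *bad)
        except ValueError as exc:
            print("rejected", bad, "->", exc)
```

Rejecting unknown values outright, rather than stripping characters from them, keeps the check independent of the database's quoting rules.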