Cen Zhang

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.22 Oracle VM VirtualBox versions prior to 7.1.2 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a low-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. **Recommendations** For Oracle VM VirtualBox versions prior to 7.0.22, update to version 7.0.22 or later. For Oracle VM VirtualBox versions prior to 7.1.2, update to version 7.1.2 or later. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox until a patch is available.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.6.2 radare2.js versions prior to 5.6.2 **Description** A Heap-based Buffer Overflow issue has been identified. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For radare2 versions prior to 5.6.2, update to version 5.6.2 or later. For radare2.js versions prior to 5.6.2, update to version 5.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** radare2.js versions prior to 5.6.2 **Description** The issue is related to a Use After Free condition in the NPM radare2.js package. **Recommendations** For versions prior to 5.6.2, update to version 5.6.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.6.2 radare2.js versions prior to 5.6.2 **Description** The issue is related to a Use After Free and an Expired Pointer Dereference in the radare2 and radare2.js repositories. **Recommendations** For radare2 versions prior to 5.6.2, update to version 5.6.2 or later. For radare2.js versions prior to 5.6.2, update to version 5.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** radare2 (affected versions not specified) **Description** The issue is related to an Out-of-bounds Read. No specific details about affected devices or real-world incidents are provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.6.0 **Description** The issue is related to a Use After Free condition in the Radare2 reverse engineering framework, which involves the use of memory after it has been freed. This can potentially allow a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For versions prior to 5.6.0, update to version 5.6.0 or later to resolve the issue.