Chris Leech

**Name of the Vulnerable Software and Affected Versions** NetSupport Manager version 14.12.0001 **Description** NetSupport Manager contains an unauthenticated SQL injection flaw in the way its Connectivity Server/Gateway handles HTTPS requests. The server uses an unsanitized SQLite query against the FileLinks table within the `gateway.db` database to evaluate request URIs. An attacker can inject SQL code through the `LinkName`/`URI` value, allowing control over the `FileName` field. This control enables the server to read and return arbitrary local files from disk, leading to potential arbitrary local file disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetSupport Manager versions prior to 14.12.0001 **Description** NetSupport Manager relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. This key is stored using a reversible encoding scheme. An attacker gaining access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed using the same key. **Recommendations** Update NetSupport Manager to version 14.12.0001 or later.

**Name of the Vulnerable Software and Affected Versions** NetSupport Manager versions prior to 14.12.0001 **Description** NetSupport Manager contains a flaw in the Connectivity Server/Gateway PUTFILE request handler that allows for arbitrary file writing. An attacker possessing a valid Gateway Key can exploit this by providing a specially crafted filename with directory traversal sequences. This enables the attacker to write files to arbitrary locations on the server, potentially including the placement of malicious DLLs or executables in privileged directories. Successful exploitation can lead to remote code execution within the context of the NetSupport Manager connectivity service. **Recommendations** Update NetSupport Manager to version 14.12.0001 or later.

**Name of the Vulnerable Software and Affected Versions** Xiongmai DVR devices NBD80X16S-KL Xiongmai DVR devices NBD80X09S-KL Xiongmai DVR devices NBD80X08S-KL Xiongmai DVR devices NBD80X09RA-KL Xiongmai DVR devices AHB80X04R-MH Xiongmai DVR devices AHB80X04R-MH-V2 Xiongmai DVR devices AHB80X04-R-MH-V3 Xiongmai DVR devices AHB80N16T-GS Xiongmai DVR devices AHB80N32F4-LME Xiongmai DVR devices NBD90S0VT-QW **Description** A buffer overflow in Xiongmai DVR devices allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. **Recommendations** For Xiongmai DVR devices NBD80X16S-KL, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices NBD80X09S-KL, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices NBD80X08S-KL, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices NBD80X09RA-KL, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices AHB80X04R-MH, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices AHB80X04R-MH-V2, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices AHB80X04-R-MH-V3, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices AHB80N16T-GS, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices AHB80N32F4-LME, consider disabling the RSTP request functionality until a patch is available. For Xiongmai DVR devices NBD90S0VT-QW, consider disabling the RSTP request functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible use-after-free in the transport error recovery work of the nvme-tcp module. This occurs when `nvme tcp submit async event work` checks the control and queue state before preparing the AER command and scheduling io work. To prevent a race where this check is not reliable, the error recovery work must flush `async event work` before continuing to destroy the admin queue after setting the control state to RESETTING. This ensures there is no race between `submit async event` and the error recovery handler itself changing the control state. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.