Christian Dresen

**Name of the Vulnerable Software and Affected Versions** Programmer installation utility (affected versions not specified) **Description** The issue arises from the programmer installation utility's failure to perform cryptographic authenticity or integrity checks on the software stored on a flash drive. This weakness can be exploited by an attacker to install unauthorized software using a specially crafted USB drive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue concerns the presence of unpatched vulnerabilities in off-the-shelf software components used by the affected device. A malicious attacker with physical access to the device could exploit these vulnerabilities. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Boston Scientific Zoom Latitude Model 3120 **Description** An attacker with physical access to the device can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. **Recommendations** For Boston Scientific Zoom Latitude Model 3120, consider restricting physical access to the device to minimize the risk of exploitation. As a temporary workaround, limit the use of removable storage devices and ensure that all USB ports are securely managed to prevent the creation of specially crafted USB devices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region. This setting could then be used to interrogate or program an implantable device in any region in the world. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it. This could be used to create a physical duplicate of a valid hardware key, which allows access to special settings when inserted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.2 iPadOS versions prior to 15.2 **Description** A S/MIME issue existed in the handling of encrypted email, allowing an attacker to potentially recover plaintext contents of an S/MIME-encrypted email. This issue was addressed by not automatically loading some MIME parts. **Recommendations** For iOS versions prior to 15.2, update to iOS 15.2 or later to resolve the issue. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows HTML Platforms (affected versions not specified) **Description** The issue is related to errors in privilege management within the Windows HTML Platform component of the Windows operating system. This can allow a remote attacker to bypass existing security restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.9 **Description** The issue is related to the decryption of S/MIME parts in HTML messages, which can lead to plaintext leakage when included in a reply or forward. This is due to a lack of protection for certain data in the S/MIME and PGP functions of the Thunderbird email client. An attacker can exploit this issue by manipulating HTML messages to gain unauthorized access to protected information. **Recommendations** For versions prior to 52.9, update to version 52.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML replies or forwards for sensitive messages until the update is applied. Restrict access to sensitive information when using the affected Thunderbird versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.9 **Description** The issue is related to the Secure/Multipurpose Internet Mail Extensions (S/MIME) function in the Thunderbird email client, which lacks protection for certain data. This can allow a remote attacker to gain unauthorized access to protected information when an email is forwarded or replied to. Specifically, decrypted S/MIME parts that are hidden using CSS or the plaintext HTML tag can leak plaintext when included in an HTML reply or forward. **Recommendations** For versions prior to 52.9, update to version 52.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML replies or forwards for emails containing sensitive S/MIME-protected information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 **Description** The issue involves the Security component and allows websites to track users by leveraging the transmission of S/MIME client certificates. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 **Description** The issue involves the Mail component and allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue is related to the handling of encrypted emails in Thunderbird, where plaintext of decrypted emails can leak when a user submits an embedded form. This is due to a lack of encryption measures for protected data. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later to resolve the issue. For Thunderbird versions prior to 52.8, update to version 52.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue is related to the implementation of the S/MIME protocol in the Thunderbird email client, which is associated with insufficiently robust data encryption. This can lead to the disclosure of plaintext when using remote content in encrypted messages. Exploitation of the issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.8 Thunderbird ESR versions prior to 52.8 **Description** The issue is related to information disclosure. It allows a remote attacker to gain unauthorized access to protected information through the `src` attribute of remote images or links. This could lead to the leakage of plaintext from decrypted emails. **Recommendations** For Thunderbird versions prior to 52.8, update to version 52.8 or later. For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. As a temporary workaround, consider restricting access to remote images or links in emails until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.4 **Description** The issue involves the `Mail` component and allows man-in-the-middle attackers to read S/MIME encrypted message content. This is achieved by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. **Recommendations** For macOS versions prior to 10.13.4, update to version 10.13.4 or later to resolve the issue.