Connor Ford

**Name of the Vulnerable Software and Affected Versions** Silicon Labs Gecko OS (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the implementation of the `http download` command, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this issue to execute code in the context of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An unauthenticated remote attacker could send specifically crafted packets to an affected device. If an authenticated user then views that data in a specific page of the web-based management, a buffer overflow will be triggered, allowing the attacker to gain full access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to an unauthenticated remote attacker being able to use an XSS attack due to improper neutralization of input during web page generation. This requires user interaction and leads to a limited impact on confidentiality and integrity, but no impact on availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Canon imageCLASS MF753Cdw version 03.07 and earlier Canon imageCLASS MF750C Series version 03.07 and earlier Color imageCLASS X MF1333C version 03.07 and earlier i-SENSYS MF754Cdw version 03.07 and earlier i-SENSYS MF754Cdw/C1333iF version 03.07 and earlier Satera MF750C Series version 03.07 and earlier **Description** The issue is related to a buffer overflow in the CPCA PCFAX number process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. The exploitation of this issue can be done remotely without requiring authentication. **Recommendations** For Canon imageCLASS MF753Cdw version 03.07 and earlier, update the firmware to a version later than 03.07. For Canon imageCLASS MF750C Series version 03.07 and earlier, update the firmware to a version later than 03.07. For Color imageCLASS X MF1333C version 03.07 and earlier, update the firmware to a version later than 03.07. For i-SENSYS MF754Cdw version 03.07 and earlier, update the firmware to a version later than 03.07. For i-SENSYS MF754Cdw/C1333iF version 03.07 and earlier, update the firmware to a version later than 03.07. For Satera MF750C Series version 03.07 and earlier, update the firmware to a version later than 03.07.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.2 iPadOS versions prior to 14.2 **Description** An authentication issue was addressed with improved state management, allowing a person with physical access to an iOS device to potentially access stored passwords without authentication. **Recommendations** For iOS versions prior to 14.2, update to iOS 14.2 or later to resolve the issue. For iPadOS versions prior to 14.2, update to iPadOS 14.2 or later to resolve the issue.