Damian Pfammatter

**Name of the Vulnerable Software and Affected Versions** gdv-serverconfig (affected versions not specified) **Description** A remote attacker with user privileges can exploit a stack buffer overflow in the `gdv-serverconfig` method to gain full system access with root privileges. A stack buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially allowing the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** The `ugw-logstop()` method allows a remote attacker with user privileges to terminate arbitrary processes. This is caused by insufficient validation of user-supplied input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** The `ugw-logread()` method allows a remote attacker with user privileges to access arbitrary local files. This is caused by insufficient validation of user-supplied input, leading to a local file inclusion issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A remote attacker with user privileges can exploit a stack buffer overflow in the `bac-deviceobject()` method to gain full system access as root. A stack buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially allowing the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dali-devconfig (affected versions not specified) **Description** A remote attacker with user privileges can exploit a stack buffer overflow in the `dali-devconfig()` method to gain full system access with root privileges. A stack buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially allowing the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** The `bac-scanresult()` method allows a remote attacker with user privileges to delete arbitrary local files. This is caused by insufficient validation of user-controlled input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

**Name of the Vulnerable Software and Affected Versions** Secvisogram versions prior to 0.1.0 **Description** An high privileged attacker may pass crafted arguments to the `validate` function of `csaf-validator-lib` which can result in arbitrary code execution and Denial of Service (DoS) once the user triggers the validation. **Recommendations** For versions prior to 0.1.0, consider updating to a version that is 0.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `validate` function of `csaf-validator-lib` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Secvisogram csaf-validator-service versions prior to 0.1.0 **Description** The issue is related to insufficient input validation of requests by an unauthenticated remote user, which might lead to a partial Denial of Service (DoS) of the service. Specifically, the validate JSON endpoint processes tests with unexpected names. This affects only the request of the attacker. **Recommendations** For versions prior to 0.1.0, update to version 0.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the validate JSON endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** csaf provider versions prior to 0.8.2 **Description** The issue allows for Cross-site Scripting (XSS) via a crafted CSAF document uploaded as text/html. The "upload" endpoint allows valid CSAF advisories in JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When accessed via a web browser, these advisories are served and interpreted as HTML pages, allowing uploaded advisories to contain JavaScript code that executes within the browser context of users inspecting the advisory. **Recommendations** For versions prior to 0.8.2, update to version 0.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "upload" endpoint to minimize the risk of exploitation. Avoid using the endpoint to upload CSAF advisories with Content-Type text/html until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SAP Hybris versions prior to 6.0 **Description** The issue allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace in the Hybris Management Console (HMC) of SAP Hybris. **Recommendations** For versions prior to 6.0, update to version 6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP Hybris versions prior to 6.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the Inbox Search feature of the Hybris Management Console (HMC). This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `itemsperpage` parameter. **Recommendations** For versions prior to 6.0, update to version 6.0 or later to resolve the issue.