Dan

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An out-of-bounds access issue exists in the AMD display driver within the Linux kernel. The `eng id` variable is used as an index for the `stream enc regs[]` array, which contains only five entries. If `eng id` is negative or equal to 5 (ENGINE ID DIGF), the system may access memory beyond the array boundaries. This occurs within the `dcn35 stream encoder create()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mintlify Platform versions prior to 2025-11-15 **Description** A Server-Side Template Injection (SSTI) flaw exists in the MDX Rendering Engine of Mintlify Platform. This issue allows remote attackers to execute arbitrary code through inline JSX expressions within an MDX file. The vulnerability is related to the processing of MDX files and the rendering of JSX expressions. SSTI occurs when user-supplied input is incorporated into a server-side template without proper sanitization, allowing an attacker to inject malicious code that is then executed by the server. **Recommendations** Update Mintlify Platform to a version released on or after 2025-11-15.

**Name of the Vulnerable Software and Affected Versions** Mintlify Platform versions prior to 2025-11-15 **Description** A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing path traversal sequences. The endpoint vulnerable to this issue is the `/static` asset proxy endpoint. The vulnerability involves manipulating the URL to access files outside the intended directory. **Recommendations** Update Mintlify Platform to version 2025-11-15 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 8.2 NetBSD (affected versions not specified) **Description** The issue is related to an Information Disclosure vulnerability in the 802.11 stack. A signedness error in the `IEEE80211 IOC CHANINFO` ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, potentially disclosing sensitive information. **Recommendations** For FreeBSD versions prior to 8.2, update to version 8.2 or later to resolve the issue. For NetBSD, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `IEEE80211 IOC CHANINFO` ioctl to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CouchDB version 0.8.0 **Description** The issue is related to an untrusted search path vulnerability in a Debian GNU/Linux patch for the couchdb script. This vulnerability allows local users to gain privileges by using a crafted shared library in the current working directory. **Recommendations** For CouchDB version 0.8.0, consider restricting access to the couchdb script until a patch is available. As a temporary workaround, avoid using the vulnerable script in untrusted environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.