Daniel Shapira

**Name of the Vulnerable Software and Affected Versions** Jfrog Artifactory versions prior to 6.17.0 **Description** The issue is related to Jfrog Artifactory using default passwords, such as `password`, for administrative accounts and not requiring users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. **Recommendations** For Jfrog Artifactory versions prior to 6.17.0, update to version 6.17.0 or later to resolve the issue. As a temporary workaround, consider changing the default passwords for administrative accounts to strong, unique passwords. Restrict access to administrative accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qemu emulator version 3.0.0 and earlier **Description** The issue is related to an integer overflow that could lead to a buffer overflow problem. This occurs when receiving packets over the network, specifically with the NE2000 NIC emulation support. A user inside the guest could exploit this flaw to crash the Qemu process, resulting in a denial of service (DoS). **Recommendations** For Qemu emulator version 3.0.0 and earlier, consider disabling the NE2000 NIC emulation support as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qemu (affected versions not specified) **Description** The issue allows attackers to cause a denial of service or possibly have unspecified other impact due to `qemu deliver packet iov` in `net/net.c` accepting packet sizes greater than `INT MAX`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified) Description: The issue is related to an integer overflow in the `rtl8139 do receive` function of the QEMU hardware emulator. This can lead to a buffer overflow. The vulnerability may allow a remote attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.16.13 **Description** The issue is related to the sr do ioctl function in the Linux kernel, which allows local users to cause a denial of service or possibly have other unspecified impacts due to a stack-based buffer overflow. This occurs because sense buffers have different sizes at the CDROM layer and the SCSI layer. An example of exploitation is through a CDROMREADMODE2 ioctl call. **Recommendations** For Linux kernel versions prior to 4.16.13, update to version 4.16.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the sr do ioctl function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** memcached versions prior to 1.4.39 **Description** The issue is related to the try read command function in memcached.c, which allows remote attackers to cause a denial of service (segmentation fault) via a request to add or set a key. This is due to a comparison between signed and unsigned int, triggering a heap-based buffer over-read. The vulnerability exists because of an incomplete fix for a previous issue. **Recommendations** For versions prior to 1.4.39, update to version 1.4.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the try read command function until a patch is available.