Danny Grander

**Name of the Vulnerable Software and Affected Versions** MintegralAdSDK versions prior to 6.6.0.0 **Description** The issue concerns malicious functionality within the SDK that acts as a backdoor, allowing Mintegral and its partners to remotely execute arbitrary code on a user's device. This enables them to perform unauthorized actions on the device. **Recommendations** For versions prior to 6.6.0.0, update to version 6.6.0.0 or later to resolve the issue. As a temporary workaround, consider restricting or disabling the use of the MintegralAdSDK until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** com.mintegral.msdk:alphab (affected versions not specified) **Description** The Android SDK contains malicious functionality that tracks downloads from Google URLs, including file downloads, e-mail attachments, and Google Docs links, as well as all APK downloads. The module listens to download events in Android's download manager and detects if the downloaded file's URL contains google.com or comes from a Google app, or ends with .apk for APK downloads. The captured data is sent back to Mintegral's servers. This functionality runs even when the app is not in focus, i.e., in the background. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: plexus-archiver versions prior to 3.6.0 Description: The issue allows attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This is also known as 'Zip-Slip'. Recommendations: For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to archive extraction functionality until a patch is available. Avoid using the affected archive extraction feature in plexus-archiver until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apache Hive versions 2.1.0 through 2.3.2 **Description** The issue arises when the 'COPY FROM FTP' statement is executed using the HPL/SQL extension to Hive. A malicious FTP server can cause a file to be written to an arbitrary location on the cluster, as the FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This issue does not affect Hive CLI users or HiveServer2 users, as HPL/SQL is a separate command-line script invoked differently. **Recommendations** For Apache Hive versions 2.1.0 through 2.3.2, consider disabling the HPL/SQL extension until a patch is available to prevent potential exploitation. Restrict access to the 'COPY FROM FTP' statement to minimize the risk of arbitrary file writes on the cluster.