Dave Mcdaniel

**Name of the Vulnerable Software and Affected Versions** GTKWave version 3.3.115 **Description** Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This issue concerns the out-of-bounds write performed by the string copy loop. **Recommendations** For GTKWave version 3.3.115, as a temporary workaround, consider restricting the use of the LXT2 parsing functionality until a patch is available. Avoid opening untrusted .lxt2 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GTKWave version 3.3.115 **Description** Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This issue concerns the out-of-bounds write performed by the prefix copy loop. **Recommendations** For GTKWave version 3.3.115, consider avoiding the use of the LXT2 parsing functionality until a patch is available. As a temporary workaround, restrict the opening of .lxt2 files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GTKWave version 3.3.115 **Description** A stack-based buffer overflow vulnerability exists in the LXT2 `lxt2 rd expand integer to bits` function. This issue can be triggered by a specially crafted .lxt2 file, potentially leading to arbitrary code execution. A victim would need to open a malicious file to activate this vulnerability. **Recommendations** For GTKWave version 3.3.115, consider avoiding the use of the `lxt2 rd expand integer to bits` function until a patch is available. As a temporary workaround, restrict the opening of .lxt2 files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear Orbi Router RBR750 version 4.6.8.5 **Description** A command execution vulnerability exists in the access control functionality of the Netgear Orbi Router RBR750. This vulnerability can be triggered by a specially-crafted HTTP request, allowing an attacker to execute arbitrary commands. The attacker must make an authenticated HTTP request to exploit this issue. **Recommendations** For Netgear Orbi Router RBR750 version 4.6.8.5, consider disabling access control functionality until a patch is available. Restrict access to the router to minimize the risk of exploitation. Avoid using the vulnerable access control functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear Orbi Router RBR750 version 4.6.8.5 **Description** A cleartext transmission issue exists in the Remote Management functionality. This can be exploited by a specially-crafted man-in-the-middle attack, potentially leading to the disclosure of sensitive information. **Recommendations** For Netgear Orbi Router RBR750 version 4.6.8.5, consider disabling the Remote Management functionality until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Netgear Orbi Satellite RBS750 version 4.6.8.5 **Description** A command execution vulnerability exists in the ubus backend communications functionality. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. The issue is also related to the presence of undocumented commands, which can be exploited by a remote attacker to execute arbitrary commands using a specially crafted packet. **Recommendations** For Netgear Orbi Satellite RBS750 version 4.6.8.5, consider disabling the ubus backend communications functionality until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear Orbi Router RBR750 version 4.6.8.5 **Description** A command execution issue exists in the hidden telnet service functionality. This can be exploited by sending a specially-crafted network request, potentially allowing an attacker to execute arbitrary commands. The issue is related to the use of the Blowfish cryptographic algorithm in the `crypt 64bit up/down()` function. **Recommendations** For Netgear Orbi Router RBR750 version 4.6.8.5, consider disabling the hidden telnet service functionality until a patch is available. Restrict access to the UDP port 23 to minimize the risk of exploitation. Avoid using the vulnerable `crypt 64bit up/down()` function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** node-sqlite3 versions 5.0.0 through 5.1.4 **Description** A code execution issue exists in the Statement Bindings functionality of node-sqlite3. This can be triggered by a specially-crafted Javascript file, allowing for arbitrary code execution. An attacker can provide malicious input to exploit this issue. The vulnerability can also lead to denial-of-service if a binding parameter is a crafted Object. **Recommendations** For node-sqlite3 versions 5.0.0 through 5.1.4, upgrade to version 5.1.5 or later to resolve the issue. As a temporary workaround, ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.

**Name of the Vulnerable Software and Affected Versions** Ghost Foundation Ghost version 5.9.4 **Description** An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary Javascript in posts. This enables privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post, tricking an administrator into visiting the post. A stored XSS vulnerability exists in the `codeinjection foot` for a post. **Recommendations** For Ghost Foundation Ghost version 5.9.4, consider disabling the `codeinjection foot` functionality for posts until a patch is available. Restrict access to post creation functionality to minimize the risk of exploitation. Avoid using the post creation feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghost Foundation Ghost version 5.9.4 **Description** An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary Javascript in posts. This enables privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post, tricking an administrator into visiting the post. A stored XSS vulnerability exists in the `codeinjection head` for a post. **Recommendations** For Ghost Foundation Ghost version 5.9.4, consider disabling the `codeinjection head` functionality for posts until a patch is available. Restrict access to post creation functionality to minimize the risk of exploitation. Avoid using the post creation feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghost Foundation Ghost version 5.9.4 **Description** An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary Javascript in posts. This enables privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post, tricking an administrator into visiting the post. A stored XSS vulnerability also exists in the `facebook` field for a user. **Recommendations** For Ghost Foundation Ghost version 5.9.4, consider disabling the Post Creation functionality until a patch is available. Restrict access to the `facebook` field for users to minimize the risk of exploitation. Avoid using the `facebook` field in user profiles until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ghost versions 5.9.4 **Description** An insecure default issue exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary Javascript in posts. This enables privilege escalation to administrator via XSS. An attacker can trigger this by sending an HTTP request to inject Javascript in a post, tricking an administrator into visiting it. A stored XSS issue also exists in the `twitter` field for a user. **Recommendations** For version 5.9.4, consider disabling the Post Creation functionality until a patch is available. Restrict access to the `twitter` field to minimize the risk of exploitation. Avoid using the `twitter` field in user profiles until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ghost Foundation Ghost versions 4.46.0 through 4.48.7 Ghost Foundation Ghost versions 5.0.0 through 5.22.6 Ghost Foundation Ghost version 5.9.4 **Description** An authentication bypass vulnerability exists in the newsletter subscription functionality. A specially-crafted HTTP request can lead to increased privileges. This issue was caused by a gap in API validation for nested objects, allowing unprivileged users to make changes to newsletter settings and view or change settings they were not intended to have access to. **Recommendations** For Ghost Foundation Ghost versions 4.46.0 through 4.48.7, update to version 4.48.8 or later. For Ghost Foundation Ghost versions 5.0.0 through 5.22.6, update to version 5.22.7 or later. For Ghost Foundation Ghost version 5.9.4, update to a newer version that contains a fix for this issue. As a temporary workaround, consider disabling members until an update can be performed.

**Name of the Vulnerable Software and Affected Versions** HDF5 Group libhdf5 version 1.10.4 **Description** An out-of-bounds write issue exists in the gif2h5 functionality, allowing code execution through a specially-crafted GIF file. An attacker can trigger this issue by providing a malicious file, potentially enabling them to execute arbitrary code on the target system. **Recommendations** For version 1.10.4, consider avoiding the use of the gif2h5 functionality until a patch is available. As a temporary workaround, restrict the opening of GIF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libhdf5 version 1.10.4 **Description** The issue is related to an out-of-bounds read vulnerability in the gif2h5 functionality of the libhdf5 library. This vulnerability can be exploited by a remote attacker who provides a specially-crafted GIF file, potentially leading to code execution in the target system. The exploitation occurs when a user opens a maliciously created GIF file. **Recommendations** For libhdf5 version 1.10.4, consider avoiding the use of the gif2h5 functionality until a patch is available. As a temporary workaround, restrict the opening of GIF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libhdf5 version 1.10.4 **Description** The issue is related to a heap-based buffer overflow vulnerability in the gif2h5 functionality of the libhdf5 library. This vulnerability can be exploited by opening a specially crafted GIF file, potentially allowing an attacker to execute arbitrary code on the target system. **Recommendations** For libhdf5 version 1.10.4, consider disabling the gif2h5 functionality until a patch is available to prevent exploitation of the heap-based buffer overflow vulnerability.

**Name of the Vulnerable Software and Affected Versions** Swift Sensors Gateway SG3-1010 (affected versions not specified) **Description** The issue concerns an authentication bypass vulnerability in the device password generation functionality. It can be exploited through a specially-crafted network request, potentially leading to remote code execution. An attacker can trigger this issue by sending a sequence of requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-LINK DIR-3040 version 1.13B03 **Description** An information disclosure issue exists in the WiFi Smart Mesh functionality. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this issue. **Recommendations** For D-LINK DIR-3040 version 1.13B03, consider restricting access to the MQTT service as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-LINK DIR-3040 version 1.13B03 **Description** A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality. This issue can be triggered by a specially crafted network request, potentially leading to a denial of service. An attacker can exploit this by sending a sequence of requests. **Recommendations** For D-LINK DIR-3040 version 1.13B03, consider changing the hard-coded password in the Zebra IP Routing Manager functionality to prevent exploitation. As a temporary workaround, restrict access to the Zebra IP Routing Manager to minimize the risk of denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** D-LINK DIR-3040 version 1.13B03 **Description** A hard-coded password vulnerability exists in the Libcli Test Environment functionality. This issue can be triggered by a specially crafted network request, potentially leading to code execution. An attacker can exploit this by sending a sequence of requests. **Recommendations** For D-LINK DIR-3040 version 1.13B03, consider restricting access to the Libcli Test Environment functionality until a fix is available. As a temporary workaround, avoid using the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.