Dhiraj Mishra

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server versions prior to 6.2.7 **Description** Wing FTP Server versions prior to 6.2.7 have a cross-site request forgery (CSRF) issue in the web administration interface. This allows attackers to delete administrative users by crafting a malicious HTML page with a hidden form that submits a request to delete the administrative user account without authorization. **Recommendations** Update Wing FTP Server to version 6.2.7 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle Global Lifecycle Management NextGen OUI Framework versions prior to 13.9.4.2.11 **Description** The issue is related to insufficient input validation in the NextGen Installer issues component of Oracle Global Lifecycle Management NextGen OUI Framework, allowing a low-privileged attacker with logon to the infrastructure to compromise the system. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle Global Lifecycle Management NextGen OUI Framework. **Recommendations** For versions prior to 13.9.4.2.11, update to version 13.9.4.2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the NextGen Installer issues component to minimize the risk of exploitation. Additionally, ensure that all users with logon access to the infrastructure are trusted and monitored, as successful attacks require human interaction from a person other than the attacker.

**Name of the Vulnerable Software and Affected Versions** Apache Pluto versions prior to 3.1.1 **Description** The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. **Recommendations** For versions prior to 3.1.1, migrate to version 3.1.1 of the v3-demo-portlet.war artifact.

Name of the Vulnerable Software and Affected Versions: Bosch Video Streaming Gateway versions up to and including 6.45.10 Description: The issue allows an attacker to execute arbitrary code on a victim's system by calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer. This can happen if the victim is tricked into placing a malicious executable in the same directory where the installer is started from. Recommendations: For Bosch Video Streaming Gateway versions up to and including 6.45.10, ensure that the installer is run from a secure directory to prevent malicious executables from being executed. As a temporary workaround, consider restricting access to the directory where the installer is run to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Bosch Monitor Wall versions up to and including 10.00.0164 Description: The issue allows an attacker to execute arbitrary code on a victim's system by loading a DLL through an uncontrolled search path element in the Bosch Monitor Wall installer. This can happen if the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. Recommendations: For versions up to and including 10.00.0164, ensure that no malicious DLLs are placed in the directory where the installer is run to prevent arbitrary code execution. As a temporary workaround, consider restricting the execution of the installer to trusted directories only.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Antivirus for Mac 2020 (Consumer) **Description** The issue allows an Internationalized Domain Name homograph attack, also known as a Puny-code attack, to be used for adding a malicious website to the list of approved websites. This can bypass the web threat protection feature. **Recommendations** For Trend Micro Antivirus for Mac 2020 (Consumer), consider restricting access to the feature that allows adding websites to the approved list until a fix is available. As a temporary workaround, manually monitor and verify the approved websites list to prevent malicious additions.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) Microsoft 365 Apps for Enterprise (affected versions not specified) **Description** A remote code execution issue exists due to improper input validation before loading dynamic link library (DLL) files. This can be exploited by an attacker to execute arbitrary code using a specially crafted document. The vulnerability is also related to the use of an unreliable path search. **Recommendations** For Microsoft Office, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft 365 Apps for Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 8.1.2136 **Description** The issue is related to the autocmd feature in Vim, specifically in the window.c file, which accesses freed memory. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 8.1.2136, update to version 8.1.2136 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Telegram versions prior to 5.11 **Description** The issue concerns the "delete for" feature, which does not properly delete shared media files from the Telegram Images directory on Android devices. This can lead to a misleading user interface indication that a sender has removed a recipient's copy of a previously sent image, when in fact the image remains accessible. **Recommendations** For versions prior to 5.11, update to version 5.11 or later to ensure that the "delete for" feature functions as intended and properly removes shared media files from the Telegram Images directory.

**Name of the Vulnerable Software and Affected Versions** WEBrick gem version 1.4.2 **Description** The issue allows directory traversal if an attacker had local access to create a symlink to a location outside of the web root directory. The vendor considers this analogous to Options FollowSymlinks in the Apache HTTP Server. **Recommendations** For WEBrick gem version 1.4.2, consider restricting access to creating symlinks outside of the web root directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSC version 0.19.0 **Description** The issue is related to a memory leak in the OpenSC library, specifically in the `sc context create` function in `ctx.c`. This leak occurs due to incorrect memory deallocation before the last reference is removed. Exploitation of this issue could allow a remote attacker to cause a denial of service. The memory leak is demonstrated by a call from `eidenv`. **Recommendations** For OpenSC version 0.19.0, consider applying a patch or updating to a newer version that fixes the memory leak issue in the `sc context create` function. As a temporary workaround, consider restricting the use of the `sc context create` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GattLib version 0.2 **Description** The issue is related to a stack-based buffer over-read in the `gattlib connect` function, located in `dbus/gattlib.c`, due to the misuse of `strncpy`. **Recommendations** For GattLib version 0.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aria2 version 1.33.1 **Description** The issue is related to the aria2c component in the aria2 utility, which can lead to information disclosure through log files. When the --log option is used, aria2c can store an HTTP Basic Authentication `username` and `password` in a file. This might allow local users to obtain sensitive information by reading this file. The exploitation of this issue may allow an attacker to gain unauthorized access to protected information. **Recommendations** For aria2 version 1.33.1, consider disabling the --log option to prevent sensitive information from being stored in log files until a fix is available. Restrict access to log files generated by aria2c to minimize the risk of exploitation. Avoid using the `username` and `password` in the affected log files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libIEC61850 version 1.3 **Description** A stack-based buffer overflow issue has been identified in the prepareGooseBuffer function located in goose/goose publisher.c. **Recommendations** For libIEC61850 version 1.3, consider disabling the prepareGooseBuffer function in goose/goose publisher.c as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Telegram Desktop (aka tdesktop) version 1.3.16 alpha **Description** The issue concerns the transmission of sensitive data in cleartext when a specific setting is enabled. Specifically, when "Use proxy" is enabled, credentials and application data are sent in cleartext over the SOCKS5 protocol. **Recommendations** For Telegram Desktop (aka tdesktop) version 1.3.16 alpha, consider disabling the "Use proxy" setting until a fix is available to prevent credentials and application data from being sent in cleartext.

**Name of the Vulnerable Software and Affected Versions** Telegram Desktop (aka tdesktop) version 1.3.14 **Description** The issue might allow attackers to cause a denial of service, resulting in an assertion failure and application exit, via an "Edit color palette" search that triggers an "index out of range" condition. This issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary. **Recommendations** For Telegram Desktop (aka tdesktop) version 1.3.14, as a temporary workaround, consider restricting the use of the "Edit color palette" feature until a patch is available. Avoid using the "Edit color palette" search function to minimize the risk of triggering the "index out of range" condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK+ versions prior to 2.21.4 **Description** The issue arises from the `webkitFaviconDatabaseSetIconForPageURL` and `webkitFaviconDatabaseSetIconURLForPageURL` functions in `UIProcess/API/glib/WebKitFaviconDatabase.cpp` of WebKit, which is used in WebKitGTK+. The functions mishandle an unset `pageURL`, resulting in an application crash. **Recommendations** For WebKitGTK+ versions prior to 2.21.4, update to version 2.21.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DuckDuckGo version 4.2.0 **Description** The issue concerns the WebRTC component, which can disclose a private IP address in a STUN request after visiting a website that attempts to gather complete client information, such as https://ip.voidsec.com. **Recommendations** For DuckDuckGo version 4.2.0, consider disabling WebRTC as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Samsung Internet Browser version 5.4.02.3 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. This is achieved by redirecting to a child tab and rewriting the `innerHTML` property. **Recommendations** For Samsung Internet Browser version 5.4.02.3, consider disabling JavaScript execution in child tabs as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Notes versions 8.5 through 9.0 **Description** The issue allows for a denial of service, where if a user clicks on a malicious link, it could cause the Notes client to hang, requiring a restart. **Recommendations** For versions 8.5 and 9.0, avoid clicking on suspicious links from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.