Douglas Mckee

**Name of the Vulnerable Software and Affected Versions** Dataprobe iBoot PDU versions 1.43.03312023 or earlier **Description** The issue concerns a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server. Additionally, there is a vulnerability that allows an authenticated user to pass arbitrary OS commands through the `username` field when adding a remote backup location, potentially leading to the execution of arbitrary code with system-level access. **Recommendations** For Dataprobe iBoot PDU versions 1.43.03312023 or earlier, consider disabling the librta.so.0.0.0 library until a patch is available. As a temporary workaround, restrict access to the web server to minimize the risk of exploitation. Avoid using the `username` field when adding a remote backup location until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Netop Vision Pro versions up to and including 9.7.2 Description: The issue is related to an out of bounds write vulnerability in the JPEG parsing code, which could allow an adjacent unauthenticated attacker to write to arbitrary memory. This could potentially lead to a Denial of Service (DoS). Recommendations: For versions up to and including 9.7.2, update to a version later than 9.7.2 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Agora Video SDK versions prior to 3.1 Description: The issue concerns the cleartext transmission of sensitive information, allowing a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic. Recommendations: For Agora Video SDK versions prior to 3.1, update to version 3.1 or later to resolve the issue.