Dwi Siswanto

**Name of the Vulnerable Software and Affected Versions** Apache MXNet versions prior to 1.9.1 **Description** A regular expression used in Apache MXNet is vulnerable to a potential denial-of-service by excessive resource consumption. The issue could be exploited when loading a model in Apache MXNet that has a specially crafted operator name, causing the regular expression evaluation to use excessive resources to attempt a match. **Recommendations** For Apache MXNet versions prior to 1.9.1, update to version 1.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the loading of models with specially crafted operator names to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Doris versions prior to 1.0.0 **Description** The issue is related to the use of a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. **Recommendations** For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QSAN Storage Manager (affected versions not specified) **Description** The issue concerns a lack of filtering for special characters in the QSAN Storage Manager header page parameters. This allows remote attackers to inject JavaScript without logging in, enabling them to launch reflected XSS attacks. These attacks can result in accessing and modifying specific data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.