Eugene Lim

**Name of the Vulnerable Software and Affected Versions** Crestron devices (affected versions not specified) **Description** A hidden console command contains a command injection flaw occurring when control characters are passed to its second argument. This issue exists in the way the console command is passed to the `popen()` function. Authenticated attackers with SSH console access can exploit this to execute underlying operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libredwg versions prior to 0.12.5.6384 **Description** The issue is related to a Denial of Service (DoS) due to an out-of-bounds read involving `section->num pages` in the `decode r2007.c` file. This can cause the software to become unresponsive or crash. **Recommendations** For versions prior to 0.12.5.6384, update to version 0.12.5.6384 or later to resolve the issue. As a temporary workaround, consider restricting access to the `decode r2007.c` file or disabling the functionality that involves the `section->num pages` variable until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FreshTomato version 2023.3 **Description** An OS command injection issue exists in the httpd iperfrun.cgi functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this issue. **Recommendations** For FreshTomato version 2023.3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** @excalidraw/excalidraw versions 0.0.0 through 0.15.2 **Description** The issue is related to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. This allows a remote attacker to conduct an XSS attack using a specially crafted link. The vulnerability affects users of the npm package @excalidraw/excalidraw, particularly in environments where untrusted user input in drawings is shared with third parties. **Recommendations** For versions prior to 0.15.3, update to version 0.15.3 or later to resolve the issue. For users who cannot update immediately, consider deploying the package in environments without untrusted user input to minimize the impact. As a temporary workaround, consider restricting the sharing of drawings that contain untrusted user input until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apache JSPWiki versions prior to 2.12.0 **Description** A carefully crafted request on several JSPWiki plugins could trigger an issue that allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. **Recommendations** For versions prior to 2.12.0, upgrade to 2.12.0 or later.

**Name of the Vulnerable Software and Affected Versions** raysan5/raylib versions prior to 4.5.0 **Description** The issue is related to Cross-site Scripting (XSS) where the `SetClipboardText` API does not properly escape the ` character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via the `emscripten run script` function. This vulnerability is present only when compiling raylib for PLATFORM WEB, and all other Desktop/Mobile/Embedded platforms are not affected. **Recommendations** For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `SetClipboardText` API when compiling for PLATFORM WEB until a patch is available.

**Name of the Vulnerable Software and Affected Versions** apache fineract versions 1.4 through 1.8.2 **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability may allow authorized users to exploit it for limited impact on components. **Recommendations** For apache fineract versions 1.4 through 1.8.2, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libheif (affected versions not specified) **Description** The issue is related to the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a `memcpy()` call. This can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dhcp6relay (affected versions not specified) **Description** The issue is related to a buffer overflow in the DHCPv6 packet parsing code, which could be exploited by a remote attacker to craft a packet that causes an out-of-bounds memory write, leading to a crash of the dhcp6relay process. This process is critical and its failure could cause the dhcp relay docker to shut down. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ion-parser versions all **Description** The issue affects the ion-parser package, where an attacker can submit a malicious INI file to an application that uses the `parse` function, leading to prototype pollution on the application. This can be further exploited depending on the context. **Recommendations** For all versions of ion-parser, consider disabling the `parse` function until a patch is available to prevent prototype pollution attacks. Restrict the use of ion-parser to minimize the risk of exploitation. Avoid using ion-parser to parse untrusted INI files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** js-ini versions prior to 1.3.0 **Description** The issue arises when an attacker submits a malicious INI file to an application that uses the `parse` function to parse it. This can lead to prototype pollution on the application, which can be further exploited depending on the context. **Recommendations** For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `parse` function to minimize the risk of exploitation. Avoid parsing untrusted INI files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** conf-cfg-ini versions prior to 1.2.2 **Description** The issue arises when an attacker submits a malicious INI file to an application that parses it with decode, resulting in prototype pollution on the application. This can be exploited further depending on the context. **Recommendations** For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of INI files with decode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** properties-reader versions prior to 2.2.0 **Description** The issue concerns a prototype pollution vulnerability. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation are not provided. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synology Calendar versions prior to 2.4.5-10930 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors due to improper neutralization of input during web page generation. This can be exploited for Cross-site Scripting attacks. **Recommendations** For versions prior to 2.4.5-10930, update to version 2.4.5-10930 or later to resolve the issue. As a temporary workaround, consider restricting access to the Event Management feature in Synology Calendar until the update is applied.

**Name of the Vulnerable Software and Affected Versions** accel-pppd (affected versions not specified) **Description** The issue is related to a memory corruption vulnerability in the telnet input char function. This vulnerability occurs because user input cmdline len is copied into a fixed buffer b->buf without any bound checks. As a result, if the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** accel-pppd (affected versions not specified) **Description** The issue arises from a buffer overflow vulnerability in the `rad packet recv` function, located in `opt/src/accel-pppd/radius/packet.c`. This vulnerability occurs because user input `len` is copied into a fixed buffer `&attr->val.integer` without any bound checks. When a client connects to the server and sends a large radius packet, this buffer overflow vulnerability can be triggered. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Synology DiskStation Manager (DSM) versions prior to 7.0.1-42218-2 **Description** The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection, in the Log Management functionality. This allows remote attackers to inject SQL commands via unspecified vectors. **Recommendations** For versions prior to 7.0.1-42218-2, update to version 7.0.1-42218-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Log Management functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Synology DiskStation Manager (DSM) versions prior to 7.0.1-42218-2 **Description** The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection, in the Security Management functionality. This allows remote attackers to inject SQL commands via unspecified vectors. **Recommendations** For versions prior to 7.0.1-42218-2, update to version 7.0.1-42218-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Management functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache PLC4X - PLC4C versions prior to 0.9.1 **Description** The issue is related to an unsigned integer underflow flaw inside the tcp transport. To exploit this, a user would have to actively connect to a malicious device that could send a response with invalid content. The probability of this being exploited is currently considered minimal, but this could change in the future, especially with industrial networks growing together. **Recommendations** For versions prior to 0.9.1, update to version 0.9.1 to address the issue. As a temporary workaround, consider restricting connections to trusted devices to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Scalabium dBase Viewer version 2.6 (Build 5.751) Description: The issue allows for remote code execution via a crafted DBF file, which triggers a buffer overflow. An attacker can utilize the Structured Exception Handler (SEH) records to redirect execution to attacker-controlled code. Recommendations: For Scalabium dBase Viewer version 2.6 (Build 5.751), consider avoiding the use of crafted DBF files until a patch is available. As a temporary workaround, restrict the opening of DBF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.