Ezra Caltum

Name of the Vulnerable Software and Affected Versions: Intel Processor (affected versions not specified) Description: The issue is related to an incorrect behavior order in the transition between the executive monitor and the SMI transfer monitor (STM) in some Intel processors. This may allow a privileged user to potentially enable escalation of privilege via local access. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to the incomplete cleanup of multi-core shared buffers for some Intel(R) Processors, which may allow an authenticated user to potentially enable information disclosure via local access. This vulnerability is associated with the disclosure of information and can be exploited to reveal protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel Processors (affected versions not specified) **Description** The issue is related to improper clearance or release of resources in Intel processor microcode, which may allow an attacker to cause a denial of service. It involves improper input validation for some Intel processors, potentially enabling an authenticated user to cause a denial of service via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to the incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors, which may allow an authenticated user to potentially enable information disclosure via local access. This vulnerability is associated with the disclosure of information and can be exploited by an attacker to reveal protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to incomplete cleanup in specific special register read operations, which may allow an authenticated user to potentially enable information disclosure via local access. This could allow an attacker to obtain sensitive information. The vulnerability is associated with the Intel Microcode and is related to the incomplete cleanup of temporary or auxiliary resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intellian Satellite TV antennas t-Series and v-Series version 1.07 **Description** The issue concerns the use of non-random default credentials, specifically `ftp/ftp` or `intellian:12345678`, which can be exploited by a remote network attacker to gain elevated access to a vulnerable device. **Recommendations** For version 1.07, change the default credentials `ftp/ftp` and `intellian:12345678` to unique and strong passwords to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Green Packet DX-350 **Description** The issue concerns the use of non-random default credentials, specifically `root:wimax`, which can be exploited by a remote network attacker to gain privileged access to a vulnerable device. **Recommendations** For Green Packet DX-350, change the default credentials to strong, unique ones to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Nuuo NT-4040 Titan firmware NT-4040 01.07.0000.0015 1120 **Description** The issue concerns the use of non-random default credentials, specifically `admin:admin` and `localdisplay:111111`, which can be exploited by a remote network attacker to gain privileged access to a vulnerable device. **Recommendations** For Nuuo NT-4040 Titan firmware NT-4040 01.07.0000.0015 1120, change the default credentials `admin:admin` and `localdisplay:111111` to strong, unique credentials to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Synology NAS servers DS107 version 3.1-1639 and prior Synology NAS servers DS116 versions prior to 5.2-5644-1 Synology NAS servers DS213 versions prior to 5.2-5644-1 **Description** The issue concerns the use of non-random default credentials in Synology NAS servers. Specifically, the default credentials are `guest:` (blank) and `admin:` (blank). A remote network attacker can exploit this to gain privileged access to a vulnerable device. **Recommendations** For DS107 version 3.1-1639 and prior, change the default credentials for `guest` and `admin` to secure passwords. For DS116 versions prior to 5.2-5644-1, update to version 5.2-5644-1 or later and change the default credentials for `guest` and `admin` to secure passwords. For DS213 versions prior to 5.2-5644-1, update to version 5.2-5644-1 or later and change the default credentials for `guest` and `admin` to secure passwords.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 57 **Description** The issue is related to the "pingsender" executable used by the Firefox Health Report, which dynamically loads a system copy of libcurl. An attacker with local system access could replace libcurl, allowing for privilege escalation as the replaced libcurl code will run with Firefox's privileges. This issue affects OS X and Linux systems, while Windows systems are not affected. **Recommendations** For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider restricting access to the system copy of libcurl to minimize the risk of exploitation.