Fakhri Zulkifli

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) (affected versions not specified) **Description** The issue is related to a NULL Pointer Dereference in the asm/labels.c file of Netwide Assembler (NASM). This allows an attacker to cause a denial of service by providing a crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios Core versions 4.4.1 and earlier **Description** The issue is related to a NULL pointer dereference vulnerability in the qh help component. This vulnerability can be exploited by an attacker to cause a local denial-of-service condition. The exploitation involves sending a crafted payload to the listening UNIX socket. **Recommendations** For Nagios Core versions 4.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios Core versions 4.4.1 and earlier **Description** The issue allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket, due to a NULL pointer dereference vulnerability in qh core. **Recommendations** For Nagios Core versions 4.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Redis versions prior to 5.0 **Description** The issue is related to a type confusion in the xgroupCommand function in t stream.c in redis-server, allowing remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. **Recommendations** For versions prior to 5.0, update to version 5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Redis versions prior to 4.0.10 Redis versions 5.x prior to 5.0 RC3 **Description** The issue is related to a buffer overflow in the redis-cli interface of the Redis database management system. This buffer overflow is due to improper restriction of operations within a memory buffer. An attacker can exploit this issue by using a crafted command line, potentially leading to code execution, privilege escalation, and access to confidential data. The exploitation could also disrupt data integrity and cause a denial of service. **Recommendations** For Redis versions prior to 4.0.10, update to version 4.0.10 or later. For Redis versions 5.x prior to 5.0 RC3, update to version 5.0 RC3 or later. As a temporary workaround, consider restricting the use of the redis-cli interface until a patch is applied. Avoid using the redis-cli with untrusted input, especially with arguments like hostname (-h) that could be manipulated by an attacker.