Fatih Çelik

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.4.0 through 4.4.12 Wireshark versions 4.6.0 through 4.6.2 **Description** A flaw exists in the SOME/IP-SD protocol dissector within Wireshark. This issue can lead to a denial of service. **Recommendations** Update Wireshark to a version later than 4.6.2. Update Wireshark to a version later than 4.4.12.

Name of the Vulnerable Software and Affected Versions: Group Office CRM version 6.4.196 Description: The issue concerns a Cross Site Scripting (XSS) problem. It is related to the `SET LANGUAGE` parameter. Recommendations: For Group Office CRM version 6.4.196, avoid using the `SET LANGUAGE` parameter until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Group Office version 6.4.196 Description: A Server-Side Request Forgery (SSRF) issue allows a remote attacker to forge GET requests to arbitrary URLs via the `url` parameter to "group/api/upload.php" API endpoint. Recommendations: For Group Office version 6.4.196, as a temporary workaround, consider restricting access to the "group/api/upload.php" API endpoint until a patch is available. Avoid using the `url` parameter in this endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Deark versions prior to 1.5.8 Description: The issue arises from a specially crafted input file that can cause a NULL pointer dereference in the `dbuf write` function, located in `src/deark-dbuf.c`. Recommendations: For versions prior to 1.5.8, update to version 1.5.8 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Deark versions prior to 1.5.8 Description: A specially crafted input file can cause a division by zero in the `src/fmtutil.c` file due to the value of `pixelsize`. Recommendations: For versions prior to 1.5.8, update to version 1.5.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 5.2.40 Oracle VM VirtualBox versions prior to 6.0.20 Oracle VM VirtualBox versions prior to 6.1.6 **Description** The issue is related to insufficient access control in the Core component of Oracle VM VirtualBox, which can be exploited by a low-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes. Successful attacks require human interaction from a person other than the attacker and can result in a partial denial of service (partial DOS) of Oracle VM VirtualBox. **Recommendations** For Oracle VM VirtualBox versions prior to 5.2.40, update to version 5.2.40 or later. For Oracle VM VirtualBox versions prior to 6.0.20, update to version 6.0.20 or later. For Oracle VM VirtualBox versions prior to 6.1.6, update to version 6.1.6 or later.