Florian

**Name of the Vulnerable Software and Affected Versions** Formie versions prior to 2.2.21 Formie versions prior to 3.1.26 **Description** Unauthenticated users can modify existing submissions by sending a known or guessed submission ID to the 'formie/submissions/save-submission' endpoint. **Recommendations** Update to version 2.2.21. Update to version 3.1.26. Block unauthenticated access to 'actions/formie/submissions/save-submission'. Disable or customize front-end submission editing.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 150 Firefox ESR versions prior to 140.10 Thunderbird versions prior to 150 Thunderbird versions prior to 140.10 **Description** Incorrect boundary conditions exist in the DOM: Device Interfaces component. **Recommendations** Update Firefox to version 150. Update Firefox ESR to version 140.10. Update Thunderbird to version 150. Update Thunderbird to version 140.10.

**Name of the Vulnerable Software and Affected Versions** Crypto++ versions through 5.6.4 **Description** The issue concerns the lack of documentation for a compile-time definition that disables assert calls, potentially allowing attackers to obtain sensitive information from process memory after an assertion failure. This could be exploited by accessing a core dump after such a failure. **Recommendations** For Crypto++ versions through 5.6.4, define NDEBUG at compile-time to disable assert calls and prevent potential information disclosure.

**Name of the Vulnerable Software and Affected Versions** Huawei Mobile Broadband HL Service versions 22.001.25.00.03 and earlier **Description** The issue allows local users to gain SYSTEM privileges by modifying the VERSION.dll. This is due to a weak Access Control List (ACL) used for the MobileBrServ program data directory. **Recommendations** For versions 22.001.25.00.03 and earlier, consider restricting access to the MobileBrServ program data directory to prevent local users from modifying the VERSION.dll until a fix is available.

**Name of the Vulnerable Software and Affected Versions** libmodplug versions prior to 0.8.8.5 **Description** The issue affects the libmodplug package in Gentoo Linux and Debian GNU/Linux operating systems. It involves multiple vulnerabilities that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, an integer overflow in the `abc set parts` function in `load abc.cpp` can cause a denial of service and possibly allow the execution of arbitrary code via a crafted P header in an ABC file, triggering a heap-based buffer overflow. **Recommendations** For versions prior to 0.8.8.5, update to version 0.8.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `abc set parts` function in `load abc.cpp` to minimize the risk of exploitation. Avoid using crafted P headers in ABC files until the issue is resolved.