Francesco Benvenuto

Name of the Vulnerable Software and Affected Versions LibRaw Commit d20315b Description A heap-based buffer overflow vulnerability exists in the `x3f load huffman` functionality. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a malicious file to exploit this issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions LibRaw versions prior to Commit 8dc68e2 Description An integer overflow exists in the `uncompressed fp dng load raw` functionality of LibRaw. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a malicious file to exploit this issue. Recommendations Update LibRaw to Commit 8dc68e2 or later.

Name of the Vulnerable Software and Affected Versions LibRaw versions prior to Commit 8dc68e2 Description An integer overflow exists in the `deflate dng load raw` functionality of LibRaw. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this issue. Recommendations Update LibRaw to version Commit 8dc68e2 or later.

Name of the Vulnerable Software and Affected Versions LibRaw Commit d20315b Description A heap-based buffer overflow vulnerability exists in the `x3f thumb loader` functionality. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a malicious file to exploit this issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions LibRaw versions Commit 0b56545 and Commit d20315b Description A heap-based buffer overflow exists in the `lossless jpeg load raw` functionality. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a malicious file to exploit this issue. Recommendations No information is available about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions LibRaw versions Commit 0b56545 and Commit d20315b Description A heap-based buffer overflow vulnerability exists in the `HuffTable::initval` functionality. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a malicious file to exploit this issue. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** The Planet WGR-500 device contains OS command injection flaws within the formPingCmd functionality. Specifically crafted HTTP requests can result in arbitrary command execution. The issue is related to the `ipaddr` request parameter. An attacker can exploit this by sending a series of HTTP requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** Several stack-based buffer overflow issues are present in the `formPingCmd` functionality. An attacker can send a series of crafted HTTP requests to trigger these issues. The buffer overflow is related to the `submit-url` and `ipaddr` request parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** Several OS command injection flaws are present in the formPingCmd functionality. An attacker can execute arbitrary commands by sending a crafted series of HTTP requests. The `counts` request parameter is involved in the exploitation of this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** A format string vulnerability exists in the `formPingCmd` functionality. A series of specially crafted HTTP requests can lead to memory corruption. An attacker can trigger this by sending a series of HTTP requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** Several stack-based buffer overflow issues are present in the formPingCmd functionality. An attacker can exploit these by sending specially crafted HTTP requests. The buffer overflow is related to the `counts` request parameter used in constructing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** Multiple stack-based buffer overflow issues exist in the formPingCmd functionality. An attacker can send a series of HTTP requests to trigger these issues. The `submit-url` request parameter is involved in the buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** Multiple OS command injection flaws exist in the `swctrl` functionality. A crafted network request can result in arbitrary command execution. The `new password` request parameter is involved in triggering these flaws. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** Several OS command injection issues are present in the `swctrl` functionality. A crafted network request can allow for arbitrary command execution. The `new device name` request parameter is involved in triggering these issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Planet WGR-500 version 1.3411b190912 **Description** Multiple stack-based buffer overflow issues exist in the `formPingCmd` functionality. An attacker can send a series of crafted HTTP requests to trigger these issues. The buffer overflow is related to the `ipaddr` request parameter when composing the `"ping -c <counts> <ipaddr> 2>&1 > %s &"` string. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Tahoe 26 **Description** A flaw allows an application to potentially access protected user data due to a downgrade issue. This issue was addressed with additional code-signing restrictions. **Recommendations** Update to macOS Tahoe 26.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.7.3 **Description** An application may be able to circumvent launch constraint protections and execute malicious code with elevated privileges. **Recommendations** Update to macOS version 15.7.3.

**Name of the Vulnerable Software and Affected Versions** Four-Faith F3x36 router version 2.0.0 **Description** The issue is related to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. **Recommendations** For Four-Faith F3x36 router version 2.0.0, consider changing the hard-coded credentials in the administrative web server to prevent unauthorized access. As a temporary workaround, restrict access to the administrative web server until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 **Description** The issue is related to insufficient access control in the NVRAM Variable Handler component of MacOS, which may allow an attacker to gain unauthorized access to protected information. The problem was addressed with improved validation of environment variables. An app may be able to edit NVRAM variables. **Recommendations** For versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue. As a temporary workaround, consider restricting access to NVRAM variables to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.7.2 macOS versions prior to 15.2 Description: The issue was addressed with improved permissions logic. An app may be able to modify protected parts of the file system. Recommendations: For macOS versions prior to 14.7.2, update to macOS Sonoma 14.7.2. For macOS versions prior to 15.2, update to macOS Sequoia 15.2.