Francisco Falcon

**Name of the Vulnerable Software and Affected Versions** TPM2.0 (affected versions not specified) **Description** The issue is related to an out-of-bounds read vulnerability in the CryptParameterDecryption routine of the Trusted Platform Module (TPM) microprogram. This vulnerability allows an attacker to read or access sensitive data stored in the TPM by performing a 2-byte read past the end of a TPM2.0 command. The vulnerability can be exploited to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TPM2.0 (affected versions not specified) **Description** An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing writing of a 2-byte data past the end of TPM2.0 command in the `CryptParameterDecryption` routine. This can lead to denial of service, causing the TPM chip or process to crash or become unusable, and/or arbitrary code execution in the TPM context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenBSD versions 6.9 through 7.0 before 2022-03-22 **Description** The issue is caused by an integer signedness error and resultant heap-based buffer overflow in the slaacd component of OpenBSD. This can be triggered by a crafted IPv6 router advertisement. It is noted that privilege separation and pledge can prevent exploitation. **Recommendations** For OpenBSD versions 6.9 through 7.0 before 2022-03-22, consider applying privilege separation and pledge to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenBSD versions 6.9 through 7.0 before 2022-02-21 **Description** The issue is related to a buffer overflow in the `engine.c` file of the `slaacd` component. This overflow can be triggered by an IPv6 router advertisement that contains more than seven nameservers. It is noted that privilege separation and pledge can prevent the exploitation of this issue. **Recommendations** For OpenBSD versions 6.9 through 7.0 before 2022-02-21, consider applying privilege separation and pledge to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zavio IP Cameras versions 1.6.03 and earlier Description: An Authentication Bypass issue exists in the web interface of Zavio IP Cameras due to a hardcoded admin account found in boa.conf. This allows a remote malicious user to obtain sensitive information. Recommendations: For versions 1.6.03 and earlier, consider disabling the web interface until a patch is available to prevent exploitation of the hardcoded admin account. Restrict access to the boa.conf file to minimize the risk of sensitive information disclosure. Avoid using the default admin account in the affected Zavio IP Cameras until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: D-LINK WCS-1100 version 1.02 TESCO DCS-2121 version 1.05 TESCO TESCO DCS-2102 version 1.05 TESCO D-LINK DCS-7510 version 1.00 D-LINK DCS-7410 version 1.00 D-LINK DCS-6410 version 1.00 D-LINK DCS-5635 version 1.01 D-LINK DCS-5605 version 1.01 D-LINK DCS-5230L version 1.02 D-LINK DCS-5230 version 1.02 D-LINK DCS-3430 version 1.02 D-LINK DCS-3411 version 1.02 D-LINK DCS-3410 version 1.02 D-LINK DCS-2121 versions 1.05 RU through 1.06 FR D-LINK DCS-2121 versions 1.05 RU through 1.06 D-LINK DCS-2102 versions 1.05 RU through 1.06 FR D-LINK DCS-2102 versions 1.05 RU through 1.06 D-LINK DCS-1130L version 1.04 D-LINK DCS-1130 versions 1.03 through 1.04 US D-LINK DCS-1100L version 1.04 D-LINK DCS-1100 versions 1.03 through 1.04 US Description: An Information Disclosure issue exists due to a failure to restrict access on the `lums.cgi` script when processing a live video stream, which could let a malicious user obtain sensitive information. Recommendations: For D-LINK WCS-1100 version 1.02, restrict access to the `lums.cgi` script. For TESCO DCS-2121 version 1.05 TESCO, restrict access to the `lums.cgi` script. For TESCO DCS-2102 version 1.05 TESCO, restrict access to the `lums.cgi` script. For D-LINK DCS-7510 version 1.00, restrict access to the `lums.cgi` script. For D-LINK DCS-7410 version 1.00, restrict access to the `lums.cgi` script. For D-LINK DCS-6410 version 1.00, restrict access to the `lums.cgi` script. For D-LINK DCS-5635 version 1.01, restrict access to the `lums.cgi` script. For D-LINK DCS-5605 version 1.01, restrict access to the `lums.cgi` script. For D-LINK DCS-5230L version 1.02, restrict access to the `lums.cgi` script. For D-LINK DCS-5230 version 1.02, restrict access to the `lums.cgi` script. For D-LINK DCS-3430 version 1.02, restrict access to the `lums.cgi` script. For D-LINK DCS-3411 version 1.02, restrict access to the `lums.cgi` script. For D-LINK DCS-3410 version 1.02, restrict access to the `lums.cgi` script. For D-LINK DCS-2121 versions 1.05 RU through 1.06 FR, restrict access to the `lums.cgi` script. For D-LINK DCS-2121 versions 1.05 RU through 1.06, restrict access to the `lums.cgi` script. For D-LINK DCS-2102 versions 1.05 RU through 1.06 FR, restrict access to the `lums.cgi` script. For D-LINK DCS-2102 versions 1.05 RU through 1.06, restrict access to the `lums.cgi` script. For D-LINK DCS-1130L version 1.04, restrict access to the `lums.cgi` script. For D-LINK DCS-1130 versions 1.03 through 1.04 US, restrict access to the `lums.cgi` script. For D-LINK DCS-1100L version 1.04, restrict access to the `lums.cgi` script. For D-LINK DCS-1100 versions 1.03 through 1.04 US, restrict access to the `lums.cgi` script.

Name of the Vulnerable Software and Affected Versions: D-Link DCS-2121 versions 1.05 TESCO through 1.06 D-Link DCS-2102 versions 1.05 TESCO through 1.06 Description: An Authentication Bypass issue exists in the upnp/asf-mp4.asf component when streaming live video, potentially allowing a malicious user to obtain sensitive information. Recommendations: For D-Link DCS-2121 versions 1.05 TESCO through 1.06, consider disabling the upnp/asf-mp4.asf component until a patch is available. For D-Link DCS-2102 versions 1.05 TESCO through 1.06, consider disabling the upnp/asf-mp4.asf component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver versions 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 Description: A Buffer Overflow issue exists in the Message Server service, specifically in the MsJ2EE AddStatistics() function, when it processes specially crafted SAP Message Server packets sent to remote TCP ports. This could allow a remote malicious user to execute arbitrary code. Recommendations: For SAP NetWeaver version 2004s, update to a version that includes the fix for this issue. For SAP NetWeaver version 7.01 SR1, update to a version that includes the fix for this issue. For SAP NetWeaver version 7.02 SP06, update to a version that includes the fix for this issue. For SAP NetWeaver version 7.30 SP04, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the MsJ2EE AddStatistics() function in the Message Server service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 9.3 before p39 FreeBSD versions 10.1 before p31 FreeBSD versions 10.2 before p14 **Description** The issue is caused by an integer signedness error in the `amd64 set ldt` function, located in `sys/amd64/amd64/sys machdep.c`, which leads to a heap-based buffer overflow. This can be exploited by a local attacker using the `i386 set ldt` system call, resulting in a denial of service (kernel panic). **Recommendations** For FreeBSD version 9.3, update to p39 or later. For FreeBSD version 10.1, update to p31 or later. For FreeBSD version 10.2, update to p14 or later.

**Name of the Vulnerable Software and Affected Versions** Windows Media Center versions in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 **Description** The issue allows remote attackers to read arbitrary files via a crafted .mcl file. It is related to insufficient processing of video files in the Windows operating system. **Recommendations** For Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1, consider restricting access to .mcl files until a patch is available. As a temporary workaround, avoid using crafted .mcl files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 9.3 before p10 FreeBSD versions 10.1 before p6 **Description** The issue is caused by an integer signedness error in the vt console driver, which allows local users to cause a denial of service and possibly gain privileges. This is achieved by passing a negative value in a VT WAITACTIVE ioctl call, resulting in an array index error and out-of-bounds kernel memory access. **Recommendations** For FreeBSD versions 9.3 before p10, update to p10 or later to resolve the issue. For FreeBSD versions 10.1 before p6, update to p6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle GlassFish Server versions 2.1.1 and 3.0.1 **Description** The issue allows remote attackers to execute arbitrary code via unknown vectors related to Administration in the Oracle GlassFish Server component. **Recommendations** For Oracle GlassFish Server version 2.1.1, update to a version that addresses this issue. For Oracle GlassFish Server version 3.0.1, update to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 7.0.0.13 and earlier **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console of IBM WebSphere Application Server. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, specifically those that disable certain security options. This can be achieved via an Edit action to "console/adminSecurityDetail.do" followed by a save action to "console/syncworkspace.do". **Recommendations** For IBM WebSphere Application Server versions 7.0.0.13 and earlier, consider disabling access to the "console/adminSecurityDetail.do" and "console/syncworkspace.do" endpoints until a fix is available. Restrict the use of the administrative console to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Novell iManager versions 2.7 through 2.7.3 FTF2 **Description** The issue is related to multiple stack-based buffer overflows in the jclient. Java novell jclient JClient defineClass@20 function in jclient.dll. This allows remote authenticated users to execute arbitrary code via the `EnteredClassID` or `NewClassName` parameter to the "nps/servlet/webacc" endpoint. **Recommendations** For Novell iManager versions 2.7 through 2.7.3 FTF2, consider restricting access to the jclient. Java novell jclient JClient defineClass@20 function in jclient.dll as a temporary workaround until a patch is available. Avoid using the `EnteredClassID` and `NewClassName` parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firebird SQL versions 1.5 through 1.5.5 Firebird SQL versions 2.0 through 2.0.5 Firebird SQL versions 2.1 through 2.1.2 Firebird SQL versions 2.5 through 2.5 Beta 1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending a malformed op connect request message, which can trigger an infinite loop or a NULL pointer dereference in the src/remote/server.cpp component of fbserver.exe. **Recommendations** For Firebird SQL versions 1.5 through 1.5.5, update to version 1.5.6 or later. For Firebird SQL versions 2.0 through 2.0.5, update to version 2.0.6 or later. For Firebird SQL versions 2.1 through 2.1.2, update to version 2.1.3 or later. For Firebird SQL versions 2.5 through 2.5 Beta 1, update to version 2.5 Beta 2 or later.

**Name of the Vulnerable Software and Affected Versions** Anzio Web Print Object (WePO) versions 3.2.19 through 3.2.24 **Description** The issue is a stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control, which allows remote attackers to execute arbitrary code via a long `mainurl` parameter. **Recommendations** For versions 3.2.19 through 3.2.24, avoid using the `mainurl` parameter in the affected ActiveX control until a patch is available. As a temporary workaround, consider restricting access to the Anzio Web Print Object (WePO) ActiveX control to minimize the risk of exploitation.