Georgi Geshev

**Name of the Vulnerable Software and Affected Versions** Xiaomi Browser versions prior to 10.4.0 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of the `miui.share` application due to the lack of proper validation of user-supplied data, resulting in an arbitrary application download. An attacker can leverage this to execute code in the context of the user. **Recommendations** For versions prior to 10.4.0, update to version 10.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `miui.share` application until a patch is applied. Avoid opening malicious files or visiting untrusted websites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Galaxy S9 versions prior to January 2019 Security Update **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must connect to a wireless network. The flaw exists within the captive portal, specifically by manipulating HTML to force a page redirection. This can be leveraged to execute code in the context of the current process. **Recommendations** For Samsung Galaxy S9 versions prior to January 2019 Security Update, apply the January 2019 Security Update (SMR-JAN-2019) to resolve the issue. As a temporary workaround, consider avoiding connections to untrusted wireless networks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Galaxy S9 versions prior to 1.4.20.2 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of the GameServiceReceiver update mechanism, allowing an attacker to execute code in the context of the current process. **Recommendations** For Samsung Galaxy S9 versions prior to 1.4.20.2, update to version 1.4.20.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the GameServiceReceiver update mechanism until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.1.3 Apple macOS versions prior to 10.14.3 **Description** A memory corruption issue was addressed with improved state management. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For Apple iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For Apple macOS versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue is related to the Accessibility Framework component and involves insufficient access restrictions. Exploitation of this issue may allow an attacker to execute arbitrary code with system privileges or disclose protected information using a specially crafted application. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Accessibility Framework component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 Safari versions prior to 11.1.1 iCloud versions prior to 7.5 on Windows iTunes versions prior to 12.7.5 on Windows tvOS versions prior to 11.4 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, resulting in a buffer overflow and application crash. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1.1, update to version 11.1.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later.

Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 2.0.02.31 Description: This issue allows local attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the handling of ZIP files, specifically due to the lack of proper validation of a user-supplied path prior to using it in file operations. This allows an attacker to escalate privileges to resources normally protected from the application. Recommendations: For versions prior to 2.0.02.31, update to version 2.0.02.31 or later to resolve the issue. As a temporary workaround, consider restricting the handling of ZIP files until a patch is applied. Avoid using user-supplied paths in file operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Members versions prior to 2.4.25 **Description** This issue allows remote attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the handling of Intents, specifically in the ability to send an Intent that would not otherwise be reachable. This can be leveraged to escalate privileges to resources normally protected from the application. **Recommendations** For versions prior to 2.4.25, update to version 2.4.25 to resolve the issue. As a temporary workaround, consider restricting the handling of Intents to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Samsung Galaxy Apps versions prior to 4.2.18.2 Description: This issue allows local attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the handling of a staging mode, specifically in the ability to change the configuration based on the presence of a file in a user-controlled location. This can be leveraged to escalate privileges to resources normally protected from the application. Recommendations: For versions prior to 4.2.18.2, update to version 4.2.18.2 to resolve the issue. As a temporary workaround, consider restricting access to the staging mode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 54.0.2840.85 **Description** The issue is related to errors in security settings, allowing a remote attacker to compromise the confidentiality, integrity, and availability of protected information using a specially crafted HTML page. The content renderer client in Google Chrome insufficiently enforces the Same Origin Policy amongst downloaded files, enabling a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. **Recommendations** For Google Chrome versions prior to 54.0.2840.85, update to version 54.0.2840.85 or later to resolve the issue. As a temporary workaround, consider restricting access to downloaded files and avoiding the use of crafted HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apache Cassandra versions 1.2.0 through 1.2.19 Apache Cassandra versions 2.0.0 through 2.0.13 Apache Cassandra versions 2.1.0 through 2.1.3 **Description** The default configuration of Apache Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. This allows remote attackers to execute arbitrary Java code via an RMI request. **Recommendations** For Apache Cassandra versions 1.2.0 through 1.2.19, restrict access to the JMX/RMI interface to minimize the risk of exploitation. For Apache Cassandra versions 2.0.0 through 2.0.13, restrict access to the JMX/RMI interface to minimize the risk of exploitation. For Apache Cassandra versions 2.1.0 through 2.1.3, restrict access to the JMX/RMI interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openslp (affected versions not specified) **Description** The issue is related to a Denial of Service (DoS) vulnerability in the `SLPIntersectStringList()` function. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.