Han Yan

**Name of the Vulnerable Software and Affected Versions** com.transsion.tranfacmode (affected versions not specified) **Description** The `com.transsion.tranfacmode.entrance.main.MainActivity` component within `com.transsion.tranfacmode` lacks proper permission controls. This allows third-party applications to construct intents and directly access ADB debugging functionality without requiring user interaction. This could potentially allow unauthorized access and control of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr (affected versions not specified) **Description** An out-of-bound write issue can be triggered in the Zephyr bluetooth mesh core stack during provisioning. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr (affected versions not specified) **Description** An out-of-bound write issue can be triggered in the Zephyr bluetooth mesh core stack during provisioning. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESP-IDF versions 4.1 through 4.4 **Description** A memory corruption issue can be triggered in the ESP-BLE-MESH component during provisioning due to the lack of a check for the `SegN` field of the Transaction Start PDU. This can lead to memory corruption-related attacks, potentially allowing an attacker to gain control of the entire system. **Recommendations** For ESP-IDF versions 4.1 through 4.4, upgrade to a patched version, as patch commits are available on these branches.