Hiroki Matsukuma

**Name of the Vulnerable Software and Affected Versions** JustSystems JUST Online Update for J-License versions (affected versions not specified) **Description** An unquoted search path issue exists in the JustSystems JUST Online Update for J-License, which is bundled with various products, including Ichitaro through Pro5. This allows a malicious file to be executed with Windows service privileges if placed in a specific path. The affected products are part of several series, including Office, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RCCMD versions 4.26 and earlier **Description** A directory traversal issue allows a remote authenticated attacker with administrative privileges to read or alter arbitrary files on the server via unspecified vectors. **Recommendations** For RCCMD versions 4.26 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Hitachi Virtual File Platform versions prior to 5.5.3-09 Hitachi Virtual File Platform versions prior to 6.4.3-09 NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) NEC Storage M Series NAS Gateway Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) Description: Remote authenticated attackers can execute arbitrary OS commands with root privileges via unspecified vectors. Recommendations: For Hitachi Virtual File Platform versions prior to 5.5.3-09, update to version 5.5.3-09 or later. For Hitachi Virtual File Platform versions prior to 6.4.3-09, update to version 6.4.3-09 or later. For NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a), update to FOS 5.5.3-08(NEC2.5.4a) or later. For NEC Storage M Series NAS Gateway Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2), update to FOS 6.4.3-08(NEC3.4.2) or later.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions 9.x before 9.50 **Description** A flaw in the .setuserparams2 procedure of Ghostscript allows scripts to bypass `-dSAFER` restrictions by not properly securing its privileged calls. This enables a specially crafted PostScript file to disable security protection, access the file system, or execute arbitrary commands. The issue is related to the incorrect use of privileged APIs, which can be exploited by a remote attacker to execute arbitrary commands or access the file system, bypassing the restrictions imposed by `-dSAFER`. **Recommendations** For Ghostscript versions 9.x before 9.50, update to version 9.50 or later to resolve the issue. As a temporary workaround, consider disabling the use of the `.setuserparams2` procedure until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using specially crafted PostScript files that could exploit this issue until the software is updated.

**Name of the Vulnerable Software and Affected Versions** BlueZ versions 5.41 and earlier **Description** A buffer overflow issue exists, allowing an attacker to execute arbitrary code via the `parse line` function used in some userland utilities. **Recommendations** For BlueZ versions 5.41 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.