Jeremy Brown

**Name of the Vulnerable Software and Affected Versions** OpenSSH (affected versions not specified) **Description** A flaw exists in the GSSAPI patch included in various Linux distributions of OpenSSH, but does not affect the upstream OpenSSH project itself. The issue stems from the use of `sshpkt disconnect()` instead of `ssh packet disconnect()` when an error occurs during the GSSAPI key exchange process. This allows an attacker to send a crafted GSSAPI message type to the server, leading to the execution of code that accesses uninitialized variables and potentially causes random memory access, resulting in undefined behavior. The vulnerability can be exploited remotely before authentication, potentially leading to denial of service or other impacts. The severity of the impact depends on the compiler flag hardening configuration. A single, crafted SSH packet can trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ajenti version 2.1.31 **Description** A critical issue has been found in the API component, leading to privilege escalation through remote attack. The exploit has been disclosed publicly. **Recommendations** For version 2.1.31, upgrade to version 2.1.32 to address this issue.

**Name of the Vulnerable Software and Affected Versions** NVIDIA DCGM (affected versions not specified) **Description** The issue allows a network user to cause detection of error conditions without action, potentially leading to limited code execution, denial of service, escalation of privileges, and impacts to data confidentiality and integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.6 macOS versions prior to 12.3 macOS Catalina versions prior to Security Update 2022-004 **Description** The issue is related to insufficient input validation and a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. A use after free issue was addressed with improved memory management, allowing a remote user to cause an unexpected app termination or arbitrary code execution. **Recommendations** For macOS versions prior to 11.6.6, update to macOS Big Sur 11.6.6 to resolve the issue. For macOS versions prior to 12.3, update to macOS Monterey 12.3 to resolve the issue. For macOS Catalina versions prior to Security Update 2022-004, apply Security Update 2022-004 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoom On-Premise Meeting Connector versions prior to 4.6.239.20200613 Zoom On-Premise Meeting Connector MMR versions prior to 4.6.239.20200613 Zoom On-Premise Recording Connector versions prior to 3.8.42.20200905 Zoom On-Premise Virtual Room Connector versions prior to 4.4.6344.20200612 Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5492.20200616 **Description** The login routine of the web console fails to validate that a NULL byte was sent while authenticating, which could lead to a crash of the login service. This issue is related to a null pointer dereference, and its exploitation may allow an attacker to cause a denial of service. **Recommendations** For Zoom On-Premise Meeting Connector versions prior to 4.6.239.20200613, update to version 4.6.239.20200613 or later. For Zoom On-Premise Meeting Connector MMR versions prior to 4.6.239.20200613, update to version 4.6.239.20200613 or later. For Zoom On-Premise Recording Connector versions prior to 3.8.42.20200905, update to version 3.8.42.20200905 or later. For Zoom On-Premise Virtual Room Connector versions prior to 4.4.6344.20200612, update to version 4.4.6344.20200612 or later. For Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5492.20200616, update to version 2.5.5492.20200616 or later.

**Name of the Vulnerable Software and Affected Versions** Ulfius HTTP Framework versions prior to 2.7.4 **Description** The issue arises from the `ulfius uri logger` in the Ulfius HTTP Framework, which fails to initialize `con info` and perform a `con info->request` NULL check for certain malformed HTTP requests. This can lead to remote memory corruption. **Recommendations** For versions prior to 2.7.4, update to version 2.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ulfius uri logger` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.1 macOS Catalina versions prior to Security Update 2021-007 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1 to resolve the issue. For macOS Big Sur versions prior to 11.6.1, update to macOS Big Sur 11.6.1 to resolve the issue. For macOS Catalina versions prior to Security Update 2021-007, apply Security Update 2021-007 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.1 Security Update 2021-007 Catalina **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1. For macOS Big Sur versions prior to 11.6.1, update to macOS Big Sur 11.6.1. For Catalina, apply Security Update 2021-007.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 watchOS versions prior to 8.3 iOS versions prior to 15.2 iPadOS versions prior to 15.2 tvOS versions prior to 15.2 **Description** A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. Processing a maliciously crafted image may lead to arbitrary code execution. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For watchOS versions prior to 8.3, update to watchOS 8.3 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For tvOS versions prior to 15.2, update to tvOS 15.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.1 Security Update 2021-007 Catalina (affected versions not specified) **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1. For macOS Big Sur versions prior to 11.6.1, update to macOS Big Sur 11.6.1. For Security Update 2021-007 Catalina, apply the security update.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.1 Security Update versions prior to 2021-007 Catalina **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1 or later. For macOS Big Sur versions prior to 11.6.1, update to macOS Big Sur 11.6.1 or later. For Security Update versions prior to 2021-007 Catalina, apply Security Update 2021-007 Catalina or later.

**Name of the Vulnerable Software and Affected Versions** Zoom On-Premise Meeting Connector Controller versions prior to 4.6.365.20210703 Zoom On-Premise Meeting Connector MMR versions prior to 4.6.365.20210703 Zoom On-Premise Recording Connector versions prior to 3.8.45.20210703 Zoom On-Premise Virtual Room Connector versions prior to 4.4.6868.20210703 Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5496.20210703 **Description** The issue is related to insufficient input validation, which could allow a remote attacker to execute arbitrary code. Specifically, the network proxy page on the web portal for certain Zoom products fails to validate input sent in requests to set the network proxy password, potentially leading to remote command injection by a web portal administrator. **Recommendations** For Zoom On-Premise Meeting Connector Controller versions prior to 4.6.365.20210703, update to version 4.6.365.20210703 or later. For Zoom On-Premise Meeting Connector MMR versions prior to 4.6.365.20210703, update to version 4.6.365.20210703 or later. For Zoom On-Premise Recording Connector versions prior to 3.8.45.20210703, update to version 3.8.45.20210703 or later. For Zoom On-Premise Virtual Room Connector versions prior to 4.4.6868.20210703, update to version 4.4.6868.20210703 or later. For Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5496.20210703, update to version 2.5.5496.20210703 or later. As a temporary workaround, consider restricting access to the network proxy page on the web portal to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Modeling Labs (affected versions not specified) **Description** A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected server. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web application, `virl2`, on the underlying operating system of the affected server. To exploit this vulnerability, the attacker must have valid user credentials on the web UI. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cassandra Web version 0.5.0 **Description** The software contains a directory traversal issue that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files, such as `/etc/passwd`, and retrieve Apache Cassandra database credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5 **Description** The issue concerns hard-coded credentials, such as a password or cryptographic key, used by IBM Spectrum Protect Plus for inbound authentication, outbound communication to external components, or encryption of internal data. **Recommendations** For IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5, consider changing the hard-coded credentials to unique, secure credentials to prevent unauthorized access. As a temporary workaround, restrict access to the affected system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5 **Description** The issue allows a remote attacker to execute arbitrary code on the system by using a specially crafted HTTP command. This can lead to the execution of arbitrary commands on the system. **Recommendations** For IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5 **Description** The issue is related to the failure to neutralize special elements in user-input strings during password parameter syntax analysis in the Administrative Console Framework service of IBM Spectrum Protect Plus. This can be exploited by a remote attacker using a specially crafted HTTP command to execute arbitrary code on the system. **Recommendations** For IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5, consider restricting access to the password parameter in the affected service until a patch is available. As a temporary workaround, avoid using specially crafted HTTP commands that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Podman and Varlink version 1.5.1 **Description** A critical issue was found, affecting an unknown part of the component API. This leads to Remote Privilege Escalation and can be initiated remotely. The exploit has been disclosed publicly. **Recommendations** For Podman and Varlink version 1.5.1, update to a version that addresses the Remote Privilege Escalation issue. As a temporary workaround, consider restricting access to the affected API component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Nitro Pro versions 7.5.0.29 and earlier Nitro Reader versions 2.5.0.45 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a crafted PDF file. **Recommendations** For Nitro Pro versions 7.5.0.29 and earlier, update to a version later than 7.5.0.29 to resolve the issue. For Nitro Reader versions 2.5.0.45 and earlier, update to a version later than 2.5.0.45 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nitro Pro versions 7.5.0.22 and earlier Nitro Reader versions 2.5.0.36 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a crafted PDF file. **Recommendations** For Nitro Pro versions 7.5.0.22 and earlier, update to a version later than 7.5.0.22 to resolve the issue. For Nitro Reader versions 2.5.0.36 and earlier, update to a version later than 2.5.0.36 to resolve the issue.