Logan Stratton

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 125 Firefox ESR versions prior to 115.10 Thunderbird versions prior to 115.10 **Description** The issue is related to the `GetBoundName` function, which could return the wrong version of an object when JIT optimizations were applied. This could potentially allow a remote attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Firefox versions prior to 125, update to version 125 or later. For Firefox ESR versions prior to 115.10, update to version 115.10 or later. For Thunderbird versions prior to 115.10, update to version 115.10 or later.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the `uh get postdata withupload()` function of the HTTP server in Actiontec WCB6200Q Wi-Fi range extenders. This allows a remote attacker to execute arbitrary code on affected installations without requiring authentication. The flaw exists due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. The specific flaw exists within the HTTP server, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Authentication is not required to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the `uh tcp recv header()` function of the HTTP server in the Actiontec WCB6200Q Wi-Fi range extender microprogram. This vulnerability is caused by the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. The vulnerability can be exploited remotely by network-adjacent attackers without requiring authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the `uh tcp recv content()` function of the HTTP server in the Actiontec WCB6200Q Wi-Fi range extender's firmware. This vulnerability is caused by the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can exploit this vulnerability to execute arbitrary code on affected installations of Actiontec WCB6200Q routers without requiring authentication. The vulnerability exists within the HTTP server and can be leveraged by an attacker to execute code in the context of the HTTP server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Actiontec WCB6200Q (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. The flaw exists within the HTTP server, where a crafted Cookie header in an HTTP request can trigger the use of a format specifier from a user-supplied string. An attacker can leverage this to execute code in the context of the HTTP server. Authentication is not required to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware vCloud Director for Service Providers versions 9.5.x prior to 9.5.0.3 **Description** The issue is related to incorrect session management in the vCloud Director platform, which may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged-in session. Successful exploitation of this issue can enable a remote attacker to hijack remote sessions. **Recommendations** For versions 9.5.x prior to 9.5.0.3, update to version 9.5.0.3 to resolve the issue.