Marklee131

**Name of the Vulnerable Software and Affected Versions** libusb versions prior to 1.0.30 **Description** A one-byte out-of-bounds read exists in the `parse iad array()` function within descriptor.c. This occurs when a malformed USB descriptor is supplied where the `bLength` equals the size minus one, causing the bounds check to utilize the original buffer size rather than the remaining size. In virtualized environments with USB passthrough, attackers can use the functions `libusb get active interface association descriptors` or `libusb get interface association descriptors` to provide crafted descriptors, reading one byte past the end of the malloc allocation and triggering a denial of service. **Recommendations** Update to version 1.0.30 or later.

**Name of the Vulnerable Software and Affected Versions** MapServer versions 6.4.0 through 8.6.2 **Description** A NULL pointer dereference occurs when the `msSLDParseUserStyle` function calls ` SLDApplyRuleValues(psRule, psLayer, 1)` for any `<Rule>` containing an `<ElseFilter/>`. The system assumes `msSLDParseRule` added one class; however, if the rule lacks a symbolizer, `msSLDParseRule` adds zero classes, leading the system to index ` class[-1]`. This can be triggered without authentication using a well-formed 200-byte SLD via the 'SLD BODY=' parameter in the WMS endpoint. **Recommendations** Update to version 8.6.3.

**Name of the Vulnerable Software and Affected Versions** libmodbus version 3.1.10 **Description** The issue is a Buffer Overflow that can be triggered via the `modbus write bits` function when it is fed with specially crafted input. This leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. **Recommendations** For libmodbus version 3.1.10, consider disabling the `modbus write bits` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.