Martin Rakhmanov

Name of the Vulnerable Software and Affected Versions: SQL Server (affected versions not specified) Description: An improper neutralization of special elements used in a command ('command injection') exists in SQL Server. This allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** PostgreSQL versions prior to 17.6 PostgreSQL versions prior to 16.10 PostgreSQL versions prior to 15.14 PostgreSQL versions prior to 14.19 PostgreSQL versions prior to 13.22 **Description:** The vulnerability relates to untrusted data inclusion within the `pg dump` utility. Exploitation allows a malicious superuser of the origin server to inject arbitrary code for execution during restore operations performed by the `psql` client. This affects `pg dumpall` and `pg restore` when used to generate plain-format dumps. Approximately 3.3 million devices are estimated to be affected. The issue allows for remote code execution. **Recommendations:** Update to PostgreSQL version 17.6 or later. Update to PostgreSQL version 16.10 or later. Update to PostgreSQL version 15.14 or later. Update to PostgreSQL version 14.19 or later. Update to PostgreSQL version 13.22 or later. As a temporary workaround, use the `--no-comments` option during `pg restore` operations.

**Name of the Vulnerable Software and Affected Versions** Satera LBP660C Series versions 11.04 and earlier Satera LBP620C Series versions 11.04 and earlier Satera MF740C Series versions 11.04 and earlier Satera MF640C Series versions 11.04 and earlier Color imageCLASS LBP660C Series versions 11.04 and earlier Color imageCLASS LBP620C Series versions 11.04 and earlier Color imageCLASS X LBP1127C versions 11.04 and earlier Color imageCLASS MF740C Series versions 11.04 and earlier Color imageCLASS MF640C Series versions 11.04 and earlier Color imageCLASS X MF1127C versions 11.04 and earlier i-SENSYS LBP660C Series versions 11.04 and earlier i-SENSYS LBP620C Series versions 11.04 and earlier i-SENSYS MF740C Series versions 11.04 and earlier i-SENSYS MF640C Series versions 11.04 and earlier i-SENSYS C1127P versions 11.04 and earlier i-SENSYS C1127iF versions 11.04 and earlier i-SENSYS C1127i versions 11.04 and earlier **Description** The issue is related to an unintentional change of settings during the initial registration of system administrators, which uses control protocols. This may allow an attacker on the network segment to trigger unauthorized access to the product. **Recommendations** For Satera LBP660C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Satera LBP620C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Satera MF740C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Satera MF640C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Color imageCLASS LBP660C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Color imageCLASS LBP620C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Color imageCLASS X LBP1127C version 11.04 and earlier, update the firmware to a version later than 11.04. For Color imageCLASS MF740C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Color imageCLASS MF640C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For Color imageCLASS X MF1127C version 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS LBP660C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS LBP620C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS MF740C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS MF640C Series version 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS C1127P version 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS C1127iF version 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS C1127i version 11.04 and earlier, update the firmware to a version later than 11.04.

**Name of the Vulnerable Software and Affected Versions** Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series versions 11.04 and earlier Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C versions 11.04 and earlier i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i versions 11.04 and earlier **Description** The issue allows arbitrary files to be installed in the Setting Data Import function of Office and Small Office Multifunction Printers and Laser Printers. **Recommendations** For Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series versions 11.04 and earlier, update the firmware to a version later than 11.04. For Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C versions 11.04 and earlier, update the firmware to a version later than 11.04. For i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i versions 11.04 and earlier, update the firmware to a version later than 11.04.

**Name of the Vulnerable Software and Affected Versions** Canon Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series versions 11.04 and earlier Canon Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C versions 11.04 and earlier Canon i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series/C1127P/C1127iF/C1127i versions 11.04 and earlier **Description** The issue is related to improper authentication of the RemoteUI in certain Canon office and small office multifunction printers and laser printers. This may allow an attacker on the network segment to trigger unauthorized access to the product. **Recommendations** For Canon Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series versions 11.04 and earlier, update the firmware to a version later than 11.04. For Canon Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C versions 11.04 and earlier, update the firmware to a version later than 11.04. For Canon i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series/C1127P/C1127iF/C1127i versions 11.04 and earlier, update the firmware to a version later than 11.04. As a temporary workaround, consider restricting access to the RemoteUI until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 5.7.41 and prior MySQL Server versions 8.0.32 and prior **Description** A difficult to exploit vulnerability in the MySQL Server product of Oracle MySQL allows a low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and can result in takeover of MySQL Server. **Recommendations** For MySQL Server versions 5.7.41 and prior, update to a version later than 5.7.41. For MySQL Server versions 8.0.32 and prior, update to a version later than 8.0.32. As a temporary workaround, consider restricting network access to the MySQL Server until a patch is available. Restrict access to the Client programs component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud devices (affected versions not specified) **Description** A remote code execution issue was discovered, allowing an attacker to trick a NAS device into loading through an unsecured HTTP call due to insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Western Digital MyCloud PR4100 (affected versions not specified) **Description** A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. The issue was addressed by disabling checks for internet connectivity using HTTP. **Recommendations** To resolve the issue, disable checks for internet connectivity using HTTP. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Huawei LTE USB Dongle products version E3372h-153TCPU-V200R002B333D01SP00C00 Description: The issue is related to an improper permission assignment, allowing an attacker to locally access and log in to a PC. The attacker can induce a user to install a specially crafted application, enabling them to perform unauthenticated operations. Recommendations: For version E3372h-153TCPU-V200R002B333D01SP00C00, update to a version that fixes the improper permission assignment issue to prevent unauthenticated operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform versions prior to 2020.2.4 Description: The issue concerns the Collector Service in the SolarWinds Orion Platform, which uses Microsoft Message Queue (MSMQ) and fails to set proper permissions on its private queues. This allows remote unauthenticated clients to send messages to TCP port 1801, which are then processed by the Collector Service. Furthermore, the service deserializes these messages in an insecure manner, enabling remote arbitrary code execution as LocalSystem. Recommendations: For versions prior to 2020.2.4, update to version 2020.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 1801 to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SolarWinds Serv-U versions prior to 15.2.2 Hotfix 1 Description: The issue concerns a directory containing user profile files, including password hashes, which is world readable and writable. An unprivileged Windows user with access to the server's filesystem can exploit this by copying a valid profile file to the directory, potentially gaining access to read or replace arbitrary files with LocalSystem privileges. Recommendations: For versions prior to 15.2.2 Hotfix 1, update to version 15.2.2 Hotfix 1 to resolve the issue. As a temporary workaround, consider restricting access to the directory containing user profile files to prevent unauthorized modifications.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Meetings Desktop App for Windows (affected versions not specified) **Description** A vulnerability in the software could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The issue is due to unsafe usage of shared memory used by the affected software. An attacker with permissions to view system memory could exploit this by running an application designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information, including usernames, meeting information, or authentication tokens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D8500 versions 1.0.3.27 and earlier DGN2200v4 versions 1.0.0.82 and earlier R6300v2 versions 1.0.4.06 and earlier R6400 versions 1.0.1.20 and earlier R6400v2 versions 1.0.2.18 and earlier R6700 versions 1.0.1.22 and earlier R6900 versions 1.0.1.20 and earlier R7000 versions 1.0.7.10 and earlier R7000P versions 1.0.0.58 and earlier R7100LG versions 1.0.0.28 and earlier R7300DST versions 1.0.0.52 and earlier R7900 versions 1.0.1.12 and earlier R8000 versions 1.0.3.46 and earlier R8300 versions 1.0.2.86 and earlier R8500 versions 1.0.2.86 and earlier WNDR3400v3 versions 1.0.1.8 and earlier WNDR4500v2 versions 1.0.0.62 and earlier Description: Certain NETGEAR devices are affected by password recovery and file access. Recommendations: For D8500 version 1.0.3.27 and earlier, update to a version later than 1.0.3.27. For DGN2200v4 version 1.0.0.82 and earlier, update to a version later than 1.0.0.82. For R6300v2 version 1.0.4.06 and earlier, update to a version later than 1.0.4.06. For R6400 version 1.0.1.20 and earlier, update to a version later than 1.0.1.20. For R6400v2 version 1.0.2.18 and earlier, update to a version later than 1.0.2.18. For R6700 version 1.0.1.22 and earlier, update to a version later than 1.0.1.22. For R6900 version 1.0.1.20 and earlier, update to a version later than 1.0.1.20. For R7000 version 1.0.7.10 and earlier, update to a version later than 1.0.7.10. For R7000P version 1.0.0.58 and earlier, update to a version later than 1.0.0.58. For R7100LG version 1.0.0.28 and earlier, update to a version later than 1.0.0.28. For R7300DST version 1.0.0.52 and earlier, update to a version later than 1.0.0.52. For R7900 version 1.0.1.12 and earlier, update to a version later than 1.0.1.12. For R8000 version 1.0.3.46 and earlier, update to a version later than 1.0.3.46. For R8300 version 1.0.2.86 and earlier, update to a version later than 1.0.2.86. For R8500 version 1.0.2.86 and earlier, update to a version later than 1.0.2.86. For WNDR3400v3 version 1.0.1.8 and earlier, update to a version later than 1.0.1.8. For WNDR4500v2 version 1.0.0.62 and earlier, update to a version later than 1.0.0.62.

Name of the Vulnerable Software and Affected Versions: D6220 versions prior to 1.0.0.26 D6400 versions prior to 1.0.0.60 D8500 versions prior to 1.0.3.29 R6250 versions prior to 1.0.4.12 R6400 versions prior to 1.01.24 R6400v2 versions prior to 1.0.2.30 R6700 versions prior to 1.0.1.22 R6900 versions prior to 1.0.1.22 R6900P versions prior to 1.0.0.56 R7000 versions prior to 1.0.9.4 R7000P versions prior to 1.0.0.56 R7100LG versions prior to 1.0.0.32 R7300DST versions prior to 1.0.0.54 R7900 versions prior to 1.0.1.18 R8000 versions prior to 1.0.3.44 R8300 versions prior to 1.0.2.100 1.0.82 R8500 versions prior to 1.0.2.100 1.0.82 Description: Certain NETGEAR devices are affected by command injection. Recommendations: For D6220 version prior to 1.0.0.26, update to version 1.0.0.26 or later. For D6400 version prior to 1.0.0.60, update to version 1.0.0.60 or later. For D8500 version prior to 1.0.3.29, update to version 1.0.3.29 or later. For R6250 version prior to 1.0.4.12, update to version 1.0.4.12 or later. For R6400 version prior to 1.01.24, update to version 1.01.24 or later. For R6400v2 version prior to 1.0.2.30, update to version 1.0.2.30 or later. For R6700 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For R6900 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For R6900P version prior to 1.0.0.56, update to version 1.0.0.56 or later. For R7000 version prior to 1.0.9.4, update to version 1.0.9.4 or later. For R7000P version prior to 1.0.0.56, update to version 1.0.0.56 or later. For R7100LG version prior to 1.0.0.32, update to version 1.0.0.32 or later. For R7300DST version prior to 1.0.0.54, update to version 1.0.0.54 or later. For R7900 version prior to 1.0.1.18, update to version 1.0.1.18 or later. For R8000 version prior to 1.0.3.44, update to version 1.0.3.44 or later. For R8300 version prior to 1.0.2.100 1.0.82, update to version 1.0.2.100 1.0.82 or later. For R8500 version prior to 1.0.2.100 1.0.82, update to version 1.0.2.100 1.0.82 or later.

Name of the Vulnerable Software and Affected Versions: D8500 versions 1.0.3.28 and earlier R6400 versions 1.0.1.22 and earlier R6400v2 versions 1.0.2.18 and earlier R8300 versions 1.0.2.94 and earlier R8500 versions 1.0.2.94 and earlier R6100 versions 1.0.1.12 and earlier Description: The issue affects certain NETGEAR devices, allowing command injection by an authenticated user. Recommendations: For D8500 version 1.0.3.28 and earlier, update to a version later than 1.0.3.28. For R6400 version 1.0.1.22 and earlier, update to a version later than 1.0.1.22. For R6400v2 version 1.0.2.18 and earlier, update to a version later than 1.0.2.18. For R8300 version 1.0.2.94 and earlier, update to a version later than 1.0.2.94. For R8500 version 1.0.2.94 and earlier, update to a version later than 1.0.2.94. For R6100 version 1.0.1.12 and earlier, update to a version later than 1.0.1.12.

Name of the Vulnerable Software and Affected Versions: NETGEAR D6220 versions prior to 1.0.0.26 NETGEAR D6400 versions prior to 1.0.0.60 NETGEAR D8500 versions prior to 1.0.3.29 NETGEAR R6250 versions prior to 1.0.4.12 NETGEAR R6400 versions prior to 1.01.24 NETGEAR R6400v2 versions prior to 1.0.2.30 NETGEAR R6700 versions prior to 1.0.1.22 NETGEAR R6900 versions prior to 1.0.1.22 NETGEAR R6900P versions prior to 1.0.0.56 NETGEAR R7000 versions prior to 1.0.9.4 NETGEAR R7000P versions prior to 1.0.0.56 NETGEAR R7100LG versions prior to 1.0.0.32 NETGEAR R7300DST versions prior to 1.0.0.54 NETGEAR R7900 versions prior to 1.0.1.18 NETGEAR R8000 versions prior to 1.0.3.44 NETGEAR R8300 versions prior to 1.0.2.100 1.0.82 NETGEAR R8500 versions prior to 1.0.2.100 1.0.82 Description: The issue is related to authentication bypass in certain NETGEAR devices. Recommendations: For NETGEAR D6220 version prior to 1.0.0.26, update to version 1.0.0.26 or later. For NETGEAR D6400 version prior to 1.0.0.60, update to version 1.0.0.60 or later. For NETGEAR D8500 version prior to 1.0.3.29, update to version 1.0.3.29 or later. For NETGEAR R6250 version prior to 1.0.4.12, update to version 1.0.4.12 or later. For NETGEAR R6400 version prior to 1.01.24, update to version 1.01.24 or later. For NETGEAR R6400v2 version prior to 1.0.2.30, update to version 1.0.2.30 or later. For NETGEAR R6700 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R6900 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R6900P version prior to 1.0.0.56, update to version 1.0.0.56 or later. For NETGEAR R7000 version prior to 1.0.9.4, update to version 1.0.9.4 or later. For NETGEAR R7000P version prior to 1.0.0.56, update to version 1.0.0.56 or later. For NETGEAR R7100LG version prior to 1.0.0.32, update to version 1.0.0.32 or later. For NETGEAR R7300DST version prior to 1.0.0.54, update to version 1.0.0.54 or later. For NETGEAR R7900 version prior to 1.0.1.18, update to version 1.0.1.18 or later. For NETGEAR R8000 version prior to 1.0.3.44, update to version 1.0.3.44 or later. For NETGEAR R8300 version prior to 1.0.2.100 1.0.82, update to version 1.0.2.100 1.0.82 or later. For NETGEAR R8500 version prior to 1.0.2.100 1.0.82, update to version 1.0.2.100 1.0.82 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR D6100 versions 1.0.0.0 through 1.0.0.57 NETGEAR D7800 versions 1.0.0.0 through 1.0.1.39 NETGEAR R7500v2 versions 1.0.0.0 through 1.0.3.33 NETGEAR R7800 versions 1.0.0.0 through 1.0.2.51 NETGEAR R8900 versions 1.0.0.0 through 1.0.4.1 NETGEAR R9000 versions 1.0.0.0 through 1.0.3.15 NETGEAR RAX120 versions 1.0.0.0 through 1.0.0.73 NETGEAR RBK20 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBR20 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBS20 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBK50 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBR50 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBS50 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBK40 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBS40 versions 2.3.0.0 through 2.3.0.21 NETGEAR SRK60 versions 2.2.0.0 through 2.2.0.63 NETGEAR SRR60 versions 2.2.0.0 through 2.2.0.63 NETGEAR SRS60 versions 2.2.0.0 through 2.2.0.63 NETGEAR WNDR3700v4 versions 1.0.0.0 through 1.0.2.101 NETGEAR WNDR4300 versions 1.0.0.0 through 1.0.2.103 NETGEAR WNDR4300v2 versions 1.0.0.0 through 1.0.0.55 NETGEAR WNDR4500v3 versions 1.0.0.0 through 1.0.0.55 NETGEAR WNR2000v5 versions 1.0.0.0 through 1.0.0.65 **Description** A stack-based buffer overflow issue affects certain NETGEAR devices, allowing an authenticated user to potentially exploit the vulnerability. **Recommendations** Update NETGEAR D6100 to version 1.0.0.58 or later. Update NETGEAR D7800 to version 1.0.1.40 or later. Update NETGEAR R7500v2 to version 1.0.3.34 or later. Update NETGEAR R7800 to version 1.0.2.52 or later. Update NETGEAR R8900 to version 1.0.4.2 or later. Update NETGEAR R9000 to version 1.0.3.16 or later. Update NETGEAR RAX120 to version 1.0.0.74 or later. Update NETGEAR RBK20 to version 2.3.0.22 or later. Update NETGEAR RBR20 to version 2.3.0.22 or later. Update NETGEAR RBS20 to version 2.3.0.22 or later. Update NETGEAR RBK50 to version 2.3.0.22 or later. Update NETGEAR RBR50 to version 2.3.0.22 or later. Update NETGEAR RBS50 to version 2.3.0.22 or later. Update NETGEAR RBK40 to version 2.3.0.22 or later. Update NETGEAR RBS40 to version 2.3.0.22 or later. Update NETGEAR SRK60 to version 2.2.0.64 or later. Update NETGEAR SRR60 to version 2.2.0.64 or later. Update NETGEAR SRS60 to version 2.2.0.64 or later. Update NETGEAR WNDR3700v4 to version 1.0.2.102 or later. Update NETGEAR WNDR4300 to version 1.0.2.104 or later. Update NETGEAR WNDR4300v2 to version 1.0.0.56 or later. Update NETGEAR WNDR4500v3 to version 1.0.0.56 or later. Update NETGEAR WNR2000v5 to version 1.0.0.66 or later.

**Name of the Vulnerable Software and Affected Versions** SAP Sybase ASE version 15.7 before SP51 **Description** The issue allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials. **Recommendations** For SAP Sybase ASE version 15.7 before SP51, update to SP51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM DB2 versions 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 **Description** A stack-based buffer overflow issue exists in the SQL/PSM Stored Procedure infrastructure, potentially allowing remote authenticated users to execute arbitrary code by debugging a stored procedure. **Recommendations** For IBM DB2 version 9.1, update to a version that includes the fix for this issue. For IBM DB2 version 9.5, update to a version that includes the fix for this issue. For IBM DB2 version 9.7, apply FP7 or a later fix pack to resolve the issue. For IBM DB2 version 9.8, update to a version that includes the fix for this issue. For IBM DB2 version 10.1, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM DB2 versions 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 **Description** The issue allows remote authenticated users to bypass intended restrictions on viewing table data. This is achieved by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements, which are not properly checked. **Recommendations** For IBM DB2 version 9.5 before FP9, update to FP9 or later. For IBM DB2 versions 9.7 through FP5, update to FP6 or later. For IBM DB2 versions 9.8 through FP4, update to FP5 or later.