Masaaki Chida

**Name of the Vulnerable Software and Affected Versions** Lanscope Endpoint Manager (On-Premises) versions prior to 9.4.7.4 **Description** A path traversal issue exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server. This could allow an attacker to modify files and execute code on a vulnerable system. The vulnerability affects the Sub-Manager Server component. **Recommendations** Update Lanscope Endpoint Manager (On-Premises) to version 9.4.7.4 or later.

Name of the Vulnerable Software and Affected Versions: Cybozu Remote Service versions 3.1.8 through 3.1.9 Description: A cross-site request forgery (CSRF) issue exists in the management screen, allowing a remote attacker to hijack the authentication of administrators. This could lead to unintended operations being performed. Recommendations: For Cybozu Remote Service versions 3.1.8 through 3.1.9, consider implementing additional security measures to prevent CSRF attacks, such as validating request tokens or restricting access to the management screen until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.9.4-7 **Description** The issue is related to a directory traversal vulnerability in the magick/module.c component of ImageMagick, which can be exploited by remote attackers to load arbitrary modules via unspecified vectors. This vulnerability is associated with insufficient restrictions on directory path names. **Recommendations** For ImageMagick versions 6.9.4-7, consider restricting access to the magick/module.c component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable module in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.4-7 **Description** The issue is related to a memory leak in the NewXMLTree function in magick/xml-tree.c. This allows remote attackers to cause a denial of service by consuming memory via a crafted XML file. **Recommendations** For versions prior to 6.9.4-7, update to version 6.9.4-7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the NewXMLTree function until a patch is available. Avoid processing untrusted XML files with the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FUJITSU F-12C (affected versions not specified) ARROWS Tab LTE F-01D (affected versions not specified) ARROWS Kiss F-03D (affected versions not specified) REGZA Phone T-01D for Android (affected versions not specified) **Description** The issue allows local users to execute arbitrary commands via unspecified vectors. There is no information available about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Syslink driver for Texas Instruments OMAP mobile processor (affected versions not specified) **Description** The issue is related to multiple unspecified vulnerabilities in the Syslink driver. These vulnerabilities could allow local users to execute arbitrary code or read kernel memory. The cause is related to improper data validation of userland data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 3.1.0 through 3.7 SP3 **Description** The issue allows remote attackers to execute arbitrary commands. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For Cybozu Garoon versions 3.1.0 through 3.7 SP3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FuelPHP versions 1.1 through 1.7.1 **Description** The issue concerns the auto-format feature in the Request Curl class, which allows remote attackers to execute arbitrary code via a crafted response. **Recommendations** For FuelPHP versions 1.1 through 1.7.1, consider disabling the auto-format feature in the Request Curl class until a patch is available. Restrict access to the Request Curl class to minimize the risk of exploitation. Avoid using the auto-format feature in the Request Curl class until the issue is resolved.