Maxpl0It

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149 Firefox ESR versions prior to 115.34 and 140.9 Thunderbird versions prior to 149 and 140.9 Description: A flaw exists in the JavaScript Engine's JIT component, specifically a JIT miscompilation issue. This can lead to potential security risks. Recommendations: Update Firefox to version 149 or later. Update Firefox ESR to version 115.34 or later, or 140.9 or later. Update Thunderbird to version 149 or later, or 140.9 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. The vulnerability is related to the incorrect calculation of the packet header size in the `ipv6 rpl segdata pos()` function in the `net/ipv6/rpl.c` module. The issue can be exploited by sending specially crafted IPv6 packets, potentially leading to a system crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.24 **Description** The issue is related to errors in resource release in the Core component of Oracle VM VirtualBox. It allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox, potentially causing a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. This could significantly impact additional products. **Recommendations** For versions prior to 6.1.24, update to version 6.1.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.20 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise it. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For versions prior to 6.1.20, update to version 6.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.20 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For versions prior to 6.1.20, update to version 6.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti Networks EdgeSwitch versions 1.7.3 and prior **Description** The issue is an externally controlled format-string vulnerability due to lack of protection on the admin CLI. This vulnerability can lead to code execution and privilege escalation, allowing an attacker to gain greater privileges than those of administrators. An attacker with access to an admin account could exploit this to escape the restricted CLI and execute arbitrary code. **Recommendations** For Ubiquiti Networks EdgeSwitch versions 1.7.3 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti Networks EdgeSwitch versions 1.7.3 and prior **Description** The issue arises from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions. **Recommendations** For Ubiquiti Networks EdgeSwitch versions 1.7.3 and prior, consider restricting access to the admin CLI to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the use of the admin account and monitor for any suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.