Michał Majchrowicz

**Name of the Vulnerable Software and Affected Versions** Jansi JNI (affected versions not specified) **Description** A heap buffer overflow occurs in the Jansi JNI `ioctl()` wrapper because the system fails to verify the size of the argument array before the system call. This flaw can result in heap corruption and application crashes, leading to a Denial of Service (DoS), which is a condition where a service becomes unavailable to its intended users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bzip2 versions prior to 1.0.9 **Description** The bzip2recover utility contains an off-by-one error. When processing a specially crafted file, the application performs an out-of-bounds write to a global buffer, which leads to memory corruption and a crash, resulting in a denial of service. **Recommendations** Update to version 1.0.9.

**Name of the Vulnerable Software and Affected Versions** vifm versions 0.12.1 through 0.14.3 **Description** A heap buffer overflow occurs during the history merge process when saving the state file (vifminfo.json). This is caused by a lack of runtime checks on the length of history entries in release builds, which may allow a crafted long path or command in the history to cause memory corruption or application crashes. A heap buffer overflow is a memory corruption issue that happens when a program writes more data to a heap-allocated memory block than it can hold. **Recommendations** Update to the version containing commit 23063c7.

**Name of the Vulnerable Software and Affected Versions** simdjson versions prior to 4.6.4 **Description** An integer overflow in the document-builder API occurs during buffer size calculations within the `string builder::escape and append()` function when processing very large input strings on platforms with limited `size t` width, such as 32-bit builds. This overflow can lead to insufficient buffer allocation, causing out-of-bounds memory reads in SIMD (Single Instruction, Multiple Data) routines, which may result in memory corruption, information disclosure, or malformed JSON output. **Recommendations** Update to version 4.6.4.

**Name of the Vulnerable Software and Affected Versions** ATutor version 2.2.4 **Description** A reflected Cross-Site Scripting (XSS) issue exists in the '/install/install.php' endpoint. This allows an attacker to execute arbitrary JavaScript in a victim's browser by providing a specially crafted URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ATutor version 2.2.4 **Description** A Reflected Cross-Site Scripting (XSS) issue exists in the '/install/upgrade.php' endpoint. This allows an attacker to execute arbitrary JavaScript in a victim's browser by providing a specially crafted URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gnu sed versions prior to 4.10 **Description** A race condition exists when the software is invoked with both -i (in-place edit) and --follow-symlinks. The function `open next file()` performs two separate, non-atomic filesystem operations on the same path: it resolves the symlink to its target to determine where output is written, and then opens the original symlink path to read the file. An attacker can atomically replace the symlink with a different target between these two calls, causing the software to read content from the new target and write the processed result to the path recorded in the first step. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the process. **Recommendations** Update to version 4.10.

**Name of the Vulnerable Software and Affected Versions** Smartwares cameras versions up to 3.3.0 **Description** The issue allows for path traversal attacks, enabling access to sensitive information by manipulating file paths. When connected to a mobile app, affected devices open port 10000, allowing users to download pictures by providing specific file paths. However, the directories accessible to users are not properly restricted, facilitating the path traversal attacks. The vendor has not responded to reports, and the patching status is unknown. **Recommendations** For versions up to 3.3.0, as a temporary workaround, consider restricting access to port 10000 when not in use, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartwares cameras versions up to 3.3.0 **Description** The issue concerns command injection during the initialization process of the cameras. When a user provides Access Point credentials through a mobile app, the input is not properly sanitized, allowing for command injection. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. The vendor has not replied to reports, so the patching status remains unknown. **Recommendations** For versions up to 3.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartwares cameras versions up to 3.3.0 **Description** The issue concerns the sharing of the same credentials for the telnet service among Smartwares cameras, including models CIP-37210AT and C724IP, which run firmware versions up to 3.3.0. An attacker with physical access to the SPI connected memory can retrieve the hash of the password. The telnet service is enabled when a specific folder is created on the inserted SD card. The patching status and the range of affected devices and firmware versions remain unknown due to the vendor's lack of response. It is also possible that newer firmware versions may be vulnerable. **Recommendations** For versions up to 3.3.0, consider disabling the telnet service as a temporary workaround until the patching status is confirmed. Restrict access to the SPI connected memory to minimize the risk of exploitation. Avoid using the affected firmware versions until the vendor provides a fix or confirmation of the patching status. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kentico CMS version 7 **Description** The issue is a Reflected XSS attack that occurs through the manipulation of a specific GET request parameter sent to the "/CMSMessages/AccessDenied.aspx" endpoint. Support for Kentico CMS version 7 ended in 2016. It is noted that version 8 does not contain this issue. **Recommendations** For Kentico CMS version 7, as support has ended and this version is vulnerable, consider upgrading to a supported version to mitigate the risk. As a temporary workaround, consider restricting access to the "/CMSMessages/AccessDenied.aspx" endpoint until a more permanent solution can be applied. Avoid using the vulnerable GET request parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PAN-OS (affected versions not specified) **Description** A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. The vulnerability is related to the lack of protection of the web page structure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CKEditor 4 versions prior to 4.24.0-lts **Description** A cross-site scripting vulnerability has been discovered in CKEditor 4, affecting versions prior to 4.24.0-lts that use the `preview` feature. This vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. **Recommendations** For CKEditor 4 versions prior to 4.24.0-lts, update to version 4.24.0-lts to resolve the issue. As a temporary workaround, consider disabling the `preview` feature until a patch is available. Restrict access to the affected samples, such as `samples/old/**/*.html` and `plugins/[plugin name]/samples/**/*.html`, to minimize the risk of exploitation. Avoid using the misconfigured preview feature in production environments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** IBM i Access Client Solutions versions 1.1.2 through 1.1.4 IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3 **Description** The issue allows a local attacker to obtain the password to other systems by decoding the key for an encrypted password. This can be achieved if the attacker gains access to the encrypted password. **Recommendations** For versions 1.1.2 through 1.1.4, consider updating to a version outside of this range to mitigate the risk. For versions 1.1.4.3 through 1.1.9.3, consider updating to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the encrypted password storage to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM i Access Client Solutions versions 1.1.2 through 1.1.4 IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3 **Description** The issue is related to insufficient authorization procedure in the IBM i Access Client Solutions, allowing a remote attacker to execute arbitrary code due to improper authority checks. This could enable the attacker to perform operations on the PC under the user's authority. **Recommendations** For versions 1.1.2 through 1.1.4, update to a version outside of this range to mitigate the risk. For versions 1.1.4.3 through 1.1.9.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to sensitive operations on the PC to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM i Access Client Solutions versions 1.1.2 through 1.1.4 IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3 **Description** The issue allows an attacker to obtain a decryption key due to improper authority checks. **Recommendations** For versions 1.1.2 through 1.1.4, update to a version outside of this range to resolve the issue. For versions 1.1.4.3 through 1.1.9.3, update to a version outside of this range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.