Mikhail

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.3 Safari versions prior to 9.1.2 tvOS versions prior to 9.2.2 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, via a crafted web site. **Recommendations** For Apple iOS versions prior to 9.3.3, update to version 9.3.3 or later. For Safari versions prior to 9.1.2, update to version 9.1.2 or later. For tvOS versions prior to 9.2.2, update to version 9.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.x **Description** The issue is related to the Direct Rendering Manager (DRM) subsystem in the Linux kernel, which mishandles requests for Graphics Execution Manager (GEM) objects. This allows attackers to cause a denial of service (memory consumption) via an application that processes graphics data. For example, this can be demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. **Recommendations** For Linux kernel versions prior to 5.x, update to version 5.x or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZPanel version 2.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `uname` parameter to "index.php" or the `page` parameter to "zpanel.php". **Recommendations** For ZPanel version 2.0, consider restricting access to the `uname` parameter in "index.php" and the `page` parameter in "zpanel.php" to minimize the risk of exploitation. Avoid using these parameters until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ZPanel versions 2.0 ZPanel versions 2.5 beta 10 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code in ZPanel 2.0 or include local files in ZPanel 2.5 beta 10 and earlier by modifying the `page` parameter. **Recommendations** For ZPanel version 2.0, update to a version that fixes the remote file inclusion issue. For ZPanel versions 2.5 beta 10 and earlier, update to a version that fixes the local file inclusion issue. As a temporary workaround, consider restricting access to the `page` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ZPanel versions 2.0 through 2.5 beta 10 **Description** The issue allows remote attackers to reinstall the software and possibly cause a denial of service. This is due to the software not removing or protecting installation scripts after they have been used. Attackers can exploit this via a direct request to "install.php". **Recommendations** For ZPanel versions 2.0 through 2.5 beta 10, consider removing or protecting the installation scripts after use to prevent unauthorized access. As a temporary workaround, restrict access to the "install.php" endpoint to minimize the risk of exploitation.