Nahamsec

**Name of the Vulnerable Software and Affected Versions** Zoom Workplace App for Linux versions prior to 6.2.10 **Description** The issue is related to type confusion in the application, which may allow an authorized user to conduct an escalation of privilege via network access. This could potentially lead to unauthorized access and control. There is evidence of this issue being exploited in real-world attacks, with logs showing successful exploitation, memory region mapping, shellcode injection, and root privileges being obtained. **Recommendations** For Zoom Workplace App for Linux versions prior to 6.2.10, update to version 6.2.10 or later to resolve the issue. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sal versions prior to 4.1.7 **Description** The issue concerns an XSS vulnerability located in the machine list view of the Sal reporting dashboard. **Recommendations** For versions prior to 4.1.7, update to version 4.1.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR D7800 versions prior to 1.0.1.34 NETGEAR EX6100v2 versions prior to 1.0.1.50 NETGEAR EX6150v2 versions prior to 1.0.1.50 NETGEAR EX6200v2 versions prior to 1.0.1.44 NETGEAR EX6400 versions prior to 1.0.1.60 NETGEAR EX7300 versions prior to 1.0.1.60 NETGEAR R6100 versions prior to 1.0.1.16 NETGEAR R7500 versions prior to 1.0.0.110 NETGEAR R7800 versions prior to 1.0.2.32 NETGEAR R9000 versions prior to 1.0.2.30 NETGEAR WN3000RPv3 versions prior to 1.0.2.50 NETGEAR WNDR4300v2 versions prior to 1.0.0.50 NETGEAR WNDR4500v3 versions prior to 1.0.0.50 **Description** The issue allows command injection by an authenticated user. **Recommendations** For NETGEAR D7800 version prior to 1.0.1.34, update to version 1.0.1.34 or later. For NETGEAR EX6100v2 version prior to 1.0.1.50, update to version 1.0.1.50 or later. For NETGEAR EX6150v2 version prior to 1.0.1.50, update to version 1.0.1.50 or later. For NETGEAR EX6200v2 version prior to 1.0.1.44, update to version 1.0.1.44 or later. For NETGEAR EX6400 version prior to 1.0.1.60, update to version 1.0.1.60 or later. For NETGEAR EX7300 version prior to 1.0.1.60, update to version 1.0.1.60 or later. For NETGEAR R6100 version prior to 1.0.1.16, update to version 1.0.1.16 or later. For NETGEAR R7500 version prior to 1.0.0.110, update to version 1.0.0.110 or later. For NETGEAR R7800 version prior to 1.0.2.32, update to version 1.0.2.32 or later. For NETGEAR R9000 version prior to 1.0.2.30, update to version 1.0.2.30 or later. For NETGEAR WN3000RPv3 version prior to 1.0.2.50, update to version 1.0.2.50 or later. For NETGEAR WNDR4300v2 version prior to 1.0.0.50, update to version 1.0.0.50 or later. For NETGEAR WNDR4500v3 version prior to 1.0.0.50, update to version 1.0.0.50 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iBooks Author versions prior to 2.4.1 **Description** The issue allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 **Description** The issue is related to an XML External Entity (XXE) problem, where an incorrect restriction of XML links to external objects allows a remote attacker to read arbitrary files. This can be achieved by using a specially crafted iBook file that contains references to external XML objects. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later to resolve the issue. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iWork versions prior to 2.6 for iOS Apple Keynote versions prior to 6.6 Apple Pages versions prior to 5.6 Apple Numbers versions prior to 3.6 **Description** The issue allows remote attackers to obtain sensitive information via a crafted document. **Recommendations** For Apple iWork versions prior to 2.6 for iOS, update to version 2.6 or later. For Apple Keynote versions prior to 6.6, update to version 6.6 or later. For Apple Pages versions prior to 5.6, update to version 5.6 or later. For Apple Numbers versions prior to 3.6, update to version 3.6 or later.