Nathan Nye

**Name of the Vulnerable Software and Affected Versions** NPort 6000 Series (affected versions not specified) **Description** A vulnerability has been identified in the authentication mechanism of the NPort 6000 Series, arising from the incorrect implementation of sensitive information protection. This could potentially allow malicious users to gain unauthorized access to the web service. The issue is related to the incorrect implementation of the authentication algorithm, which may enable a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.6 macOS Catalina versions prior to Security Update 2021-005 **Description** A permissions issue existed, allowing a local attacker to potentially elevate their privileges. This issue was addressed with improved permission validation. **Recommendations** For macOS Catalina, apply Security Update 2021-005 to resolve the issue. For macOS Big Sur, update to version 11.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6 macOS Catalina versions prior to Security Update 2021-005 **Description** A local user may be able to read arbitrary files as root due to insufficient checks. This issue was addressed with improved checks. **Recommendations** For macOS Catalina, apply Security Update 2021-005 to resolve the issue. For macOS Big Sur, update to version 11.6 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.6 macOS Catalina versions prior to Security Update 2021-005 **Description** A URI parsing issue was addressed with improved parsing, which could allow a local user to execute arbitrary files. **Recommendations** For macOS Catalina, apply Security Update 2021-005 to resolve the issue. For macOS Big Sur, update to version 11.6 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: guix-daemon versions prior to v1.2.0-75109-g94f0312546 guix-daemon versions v0.11.0-3298-g2608e40988 and later Description: A security issue has been discovered that can lead to local privilege escalation. It affects multi-user setups where guix-daemon runs locally. The attack involves an unprivileged user creating a build process, making its build directory world-writable, and then creating a hardlink to a root-owned file, such as /etc/shadow, in that directory. If the build fails and the --keep-failed option is used, the daemon changes ownership of the build tree, including the hardlink, to the user, granting them write access to the target file. Recommendations: For versions prior to v1.2.0-75109-g94f0312546, update to a version that includes the fix for this issue. For versions v0.11.0-3298-g2608e40988 and later, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the `guix build` command with the --keep-failed option to prevent potential exploitation.