Nico Waisman

**Name of the Vulnerable Software and Affected Versions** Sourcegraph versions prior to 3.15.1 **Description** The issue is related to a vulnerable authentication workflow due to improper validation in the `SafeRedirectURL` method. This method, located in `cmd/frontend/auth/redirect.go`, fails to properly validate URLs, which can be exploited. For example, the substring `//foo//example.com` can be used to bypass validation. **Recommendations** For versions prior to 3.15.1, update to version 3.15.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `SafeRedirectURL` method in `cmd/frontend/auth/redirect.go` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** cnlh nps versions 0.23.2 and earlier **Description** The issue arises from the use of 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps in lib/install/install.go, allowing a local user to overwrite files. **Recommendations** For versions 0.23.2 and earlier, consider changing the permissions of /usr/local/bin/nps and /usr/bin/nps to prevent file overwrites by local users. As a temporary workaround, restrict access to these files until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** The Sleuth Kit (TSK) version 4.6.6 **Description** An issue was discovered in The Sleuth Kit (TSK) where there is an off-by-one overwrite due to an underflow. This occurs in the `hfind.cpp` file, specifically when using a bogus hash table in the `tools/hashtools` directory. **Recommendations** For version 4.6.6, consider restricting access to the `hfind.cpp` tool until a patch is available. As a temporary workaround, avoid using the `hfind` tool with bogus hash tables to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Sleuth Kit (TSK) version 4.6.6 **Description** An issue was discovered in the parsing of System Use Sharing Protocol data in the iso9660 module, specifically in fs/iso9660.c, which leads to an out of bounds read. **Recommendations** For version 4.6.6, consider updating to a newer version that addresses this issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.3.6 **Description** The issue is related to a buffer overflow in the `rtl p2p noa ie` function in the Linux kernel's `rtlwifi` driver. This vulnerability can be exploited remotely, allowing an attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is associated with a lack of a certain upper-bound check, leading to a buffer overflow. It can be exploited by sending specially crafted frames, potentially allowing code execution in the context of the kernel. **Recommendations** For Linux kernel versions through 5.3.6, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the `rtlwifi` driver to minimize the risk of exploitation. Avoid using the `rtl p2p noa ie` function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but a patch has been proposed by Nicolas Waisman, a security engineer at GitHub.

**Name of the Vulnerable Software and Affected Versions** LodePNG versions through 2019-09-28 **Description** The issue is related to a memory leak in the HuffmanTree makeFromFrequencies function in lodepng.c. This leak occurs because a supplied realloc pointer is also used for a realloc return value. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For LodePNG versions through 2019-09-28, update to a version released after 2019-09-28 to resolve the memory leak issue in the HuffmanTree makeFromFrequencies function.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions 1.1.x through 2.0.0-rc4 **Description** The issue is related to memory leaks in the FreeRDP implementation due to improper handling of a supplied realloc pointer. This can lead to a denial of service. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For FreeRDP versions 1.1.x through 2.0.0-rc4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.