Nicolas Fasolo

**Name of the Vulnerable Software and Affected Versions** OXHOO TP50 OXH1.50 **Description** An issue allows unauthenticated attackers to access the administrative panel via browsing to the URL "http://device ip/index1.html". **Recommendations** For OXHOO TP50 OXH1.50, as a temporary workaround, consider restricting access to the "http://device ip/index1.html" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sangfor VDI Client version 5.4.2.1006 **Description** The issue allows attackers to discover the contents of the `Username` and `Password` fields when they are able to read process memory. This occurs due to a problem in the SangforCSClient.exe component of the Sangfor VDI Client. **Recommendations** For Sangfor VDI Client version 5.4.2.1006, consider implementing additional security measures to protect process memory, such as restricting access to sensitive data or using encryption to secure the `Username` and `Password` fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.