Nini

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions 7.1.14 through 7.2.4 **Description** The issue resides in the Core component of Oracle VM VirtualBox and is due to insufficient input validation. Exploitation may allow an attacker to gain full control over the application and potentially compromise Oracle VM VirtualBox. Successful attacks can result in a takeover of Oracle VM VirtualBox, and may significantly impact additional products. The vulnerability is difficult to exploit and requires a high-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is running. The vulnerability can be leveraged to achieve AAR/AAW and facilitate VM escape. **Recommendations** Oracle VM VirtualBox version 7.1.14 should be updated. Oracle VM VirtualBox version 7.2.4 should be updated.

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings (affected versions not specified) Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings, with no authentication required for exploitation. The flaw exists within the Hub Local API service, which listens on TCP port 8766 by default, due to the lack of proper verification of a `cryptographic signature`. An attacker can leverage this to bypass authentication on the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinRAR (affected versions not specified) **Description** This issue allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of WinRAR. User interaction is required to exploit this issue, where the target must perform a specific action on a malicious page. The flaw exists within the archive extraction functionality, where a crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mikrotik RouterOS (affected versions not specified) **Description** The issue is related to a buffer overflow in the radvd daemon of Mikrotik RouterOS, which occurs when processing user-supplied data. This can be exploited by a remote attacker to execute arbitrary code on the affected device. The vulnerability is due to the lack of proper validation of user-supplied data, allowing a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. The estimated number of potentially affected devices is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.