
Nolan Ray

Researcher from Apple Information Security
#14332 of 53,619
18.8 Total CVSS
Vulnerabilities · 2
High · 2
PT-2020-20576
8.8
2020-12-11
Netflix · Spinnaker · CVE-2020-9301
**Name of the Vulnerable Software and Affected Versions**

- Spinnaker versions prior to 1.23.4
- Spinnaker versions prior to 1.22.4
- Spinnaker versions prior to 1.21.5

**Description**

A security issue exists in the handling of SpEL expressions, allowing an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.

**Recommendations**

For versions prior to 1.23.4, update to version 1.23.4 or later. For versions prior to 1.22.4, update to version 1.22.4 or later. For versions prior to 1.21.5, update to version 1.21.5 or later.

PT-2018-4963
10
2018-07-13
Shdesigns · Resident Download Manager · CVE-2016-6567
**Name of the Vulnerable Software and Affected Versions**

SHDesigns' Resident Download Manager (affected versions not specified)

**Description**

The Resident Download Manager, used for firmware updates on Rabbit 2000/3000 CPU boards in some industrial control and embedded applications, does not verify the authenticity of firmware before execution and deployment. This allows a remote attacker, capable of sending UDP traffic to the device, to potentially execute arbitrary code on the device.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.