Pietro Oliva

**Name of the Vulnerable Software and Affected Versions** ReadyTalk Avian version 1.2.0 **Description** An issue was discovered in the `vm::arrayCopy` method defined in `classpath-common.h`, which contains multiple boundary checks to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For ReadyTalk Avian version 1.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ReadyTalk Avian version 1.2.0 **Description** An issue was discovered in the `vm::arrayCopy` method defined in `classpath-common.h`, which returns silently when a negative length is provided, instead of throwing an exception. This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. The issue only affects products that are no longer supported by the maintainer. **Recommendations** For ReadyTalk Avian version 1.2.0, consider disabling the `vm::arrayCopy` method until a patch is available, or apply alternative mitigation measures to prevent potential data loss. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link NC200 version 2.1.9 build 200225 TP-Link NC210 version 1.0.9 build 200304 TP-Link NC220 version 1.3.0 build 200304 TP-Link NC230 version 1.3.0 build 200304 TP-Link NC250 version 1.3.0 build 200304 TP-Link NC260 version 1.5.2 build 200304 TP-Link NC450 version 1.5.3 build 200304 **Description** The issue allows Command Injection in certain TP-Link devices. **Recommendations** For TP-Link NC200 version 2.1.9 build 200225, update to a newer version to mitigate the risk. For TP-Link NC210 version 1.0.9 build 200304, update to a newer version to mitigate the risk. For TP-Link NC220 version 1.3.0 build 200304, update to a newer version to mitigate the risk. For TP-Link NC230 version 1.3.0 build 200304, update to a newer version to mitigate the risk. For TP-Link NC250 version 1.3.0 build 200304, update to a newer version to mitigate the risk. For TP-Link NC260 version 1.5.2 build 200304, update to a newer version to mitigate the risk. For TP-Link NC450 version 1.5.3 build 200304, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** TP-Link NC200 version 2.1.9 build 200225 TP-Link N210 version 1.0.9 build 200304 TP-Link NC220 version 1.3.0 build 200304 TP-Link NC230 version 1.3.0 build 200304 TP-Link NC250 version 1.3.0 build 200304 TP-Link NC260 version 1.5.2 build 200304 TP-Link NC450 version 1.5.3 build 200304 **Description** The issue is related to a Hardcoded Encryption Key in certain TP-Link devices. **Recommendations** For TP-Link NC200 version 2.1.9 build 200225, consider updating to a newer version. For TP-Link N210 version 1.0.9 build 200304, consider updating to a newer version. For TP-Link NC220 version 1.3.0 build 200304, consider updating to a newer version. For TP-Link NC230 version 1.3.0 build 200304, consider updating to a newer version. For TP-Link NC250 version 1.3.0 build 200304, consider updating to a newer version. For TP-Link NC260 version 1.5.2 build 200304, consider updating to a newer version. For TP-Link NC450 version 1.5.3 build 200304, consider updating to a newer version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link NC260 version 1.5.2 build 200304 TP-Link NC450 version 1.5.3 build 200304 **Description** The issue allows Command Injection, which can be exploited by attackers. This affects certain TP-Link devices. **Recommendations** For TP-Link NC260 version 1.5.2 build 200304, update to a newer version that contains a fix for this issue. For TP-Link NC450 version 1.5.3 build 200304, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the affected devices until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TP-Link NC200 versions 2.1.8 Build 171109 and earlier TP-Link NC210 versions 1.0.9 Build 171214 and earlier TP-Link NC220 versions 1.3.0 Build 180105 and earlier TP-Link NC230 versions 1.3.0 Build 171205 and earlier TP-Link NC250 versions 1.3.0 Build 171205 and earlier TP-Link NC260 versions 1.5.1 Build 190805 and earlier TP-Link NC450 versions 1.5.0 Build 181022 and earlier **Description** The issue allows a remote NULL Pointer Dereference. This means that an attacker could potentially cause a device to crash or become unstable by sending a specific type of request to the device. **Recommendations** For TP-Link NC200 versions 2.1.8 Build 171109 and earlier, update to a version later than 2.1.8 Build 171109. For TP-Link NC210 versions 1.0.9 Build 171214 and earlier, update to a version later than 1.0.9 Build 171214. For TP-Link NC220 versions 1.3.0 Build 180105 and earlier, update to a version later than 1.3.0 Build 180105. For TP-Link NC230 versions 1.3.0 Build 171205 and earlier, update to a version later than 1.3.0 Build 171205. For TP-Link NC250 versions 1.3.0 Build 171205 and earlier, update to a version later than 1.3.0 Build 171205. For TP-Link NC260 versions 1.5.1 Build 190805 and earlier, update to a version later than 1.5.1 Build 190805. For TP-Link NC450 versions 1.5.0 Build 181022 and earlier, update to a version later than 1.5.0 Build 181022.

**Name of the Vulnerable Software and Affected Versions** Buddypress plugin versions prior to 1.9.2 **Description** The issue concerns a missing permissions check in the group creation process of the Buddypress plugin, allowing remote authenticated users to gain control of arbitrary groups. **Recommendations** For versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress Pods plugin versions prior to 2.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in an edit action in the pods page to "wp-admin/admin.php". **Recommendations** For WordPress Pods plugin versions prior to 2.5, update to version 2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BulletProof Security plugin versions prior to .51.1 **Description** A server-side request forgery (SSRF) issue allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the `dbhost` parameter in the admin/htaccess/bpsunlock.php file. **Recommendations** For versions prior to .51.1, update to version .51.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/htaccess/bpsunlock.php file to minimize the risk of exploitation. Avoid using the `dbhost` parameter in the affected file until the issue is resolved.