R0T0Tiller

**Name of the Vulnerable Software and Affected Versions** MacDown version 0.7.1 **Description** The issue allows remote code execution via a `file:` URI with a `.app` pathname in the `HREF` attribute of an `A` element. **Recommendations** For MacDown version 0.7.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Typora version 0.9.9.21.1 **Description** The issue allows for arbitrary code execution through a modified file: URL syntax in the HREF attribute of an AREA element. This can be achieved using specific file paths, such as file: on macOS or Linux, or file://C| on Windows. **Recommendations** For version 0.9.9.21.1, consider disabling the use of file: URL syntax in the HREF attribute of AREA elements until a patch is available. Restrict access to potentially vulnerable AREA elements to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Npcap version 0.992 **Description** An issue was discovered that could lead to kernel pool corruption when sending a malformed .pcap file with the loopback adapter using either the `pcap sendqueue queue()` or `pcap sendqueue transmit()` functions. This could result in arbitrary code execution inside the Windows kernel and allow escalation of privileges. **Recommendations** For Npcap version 0.992, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Caret versions prior to 2019-02-22 **Description** The issue allows for Remote Code Execution. **Recommendations** For versions prior to 2019-02-22, update to a version released after 2019-02-22 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Creolabs Gravity version 1.0 **Description** The issue is related to a stack-based buffer overflow in the `operator string add` function, which can result in remote code execution. **Recommendations** For Creolabs Gravity version 1.0, consider disabling the `operator string add` function until a patch is available to prevent potential remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Creolabs Gravity version 1.0 **Description** The issue allows for potential code execution by creating a large loop that pushes data to a buffer, breaking the bounds checking of the buffer. When `list.join` is called on the data, it reads past the buffer, resulting in a Heap-Buffer-Overflow. This can be achieved by exploiting the `list.join` function. **Recommendations** For Creolabs Gravity version 1.0, consider restricting the size of data pushed to the buffer to prevent the Heap-Buffer-Overflow. As a temporary workaround, consider disabling the `list.join` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Creolabs Gravity version 1.0 **Description** The issue is related to a Use-After-Free condition, which can lead to possible code execution. Specifically, it is a Heap-Use-After-Free that occurs after the 'sublexer' pointer has been freed. In the gravity lexer.c file, at line 542, the `lexer` is being used to access a variable, but the `lexer` has already been freed, creating a Heap Use-After-Free condition. **Recommendations** For Creolabs Gravity version 1.0, as a temporary workaround, consider restricting access to the `lexer` variable after it has been freed to minimize the risk of exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Creolabs Gravity version 1.0 **Description** The issue is related to a stack overflow in the `string repeat()` function. **Recommendations** For Creolabs Gravity version 1.0, consider disabling the `string repeat()` function as a temporary workaround until a patch is available.