Rayhong

**Name of the Vulnerable Software and Affected Versions** Juiker app (affected versions not specified) **Description** The issue concerns the storage of debug logs by the Juiker app, which includes sensitive information such as personal contacts, to the mobile device's external storage. This allows an unauthenticated physical attacker to access these files and acquire partial user information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Juiker app (affected versions not specified) **Description** The issue concerns a hard-coded AES key in the source code of the Juiker app. This allows a physical attacker, who has gained Android root privilege, to use the AES key and decrypt users' ciphertext, potentially tampering with it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Teamplus Pro (affected versions not specified) **Description** The issue is related to an 'allocation of resource without limits or throttling' problem in the community discussion function. A remote attacker with general user privileges can post a thread with large content, causing the receiving client device to allocate excessive memory. This leads to the abnormal termination of the Teamplus Pro application on the client's device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Teamplus Pro (affected versions not specified) **Description** The issue is related to an 'allocation of resource without limits or throttling' vulnerability in the thread subject field of the community discussion feature. A remote attacker with general user privileges can post a thread subject with large content, causing the server to allocate excessive memory. This can lead to missing partial post content and disrupt partial service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Teamplus Pro (affected versions not specified) **Description** A remote attacker with general user privilege can send a message to Teamplus Pro's chat group that exceeds the message size limit, which can terminate other recipients' Teamplus Pro chat process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.