Roman

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An out-of-bounds access issue exists in the AMD display driver within the Linux kernel. The `eng id` variable is used as an index for the `stream enc regs[]` array, which contains only five entries. If `eng id` is negative or equal to 5 (ENGINE ID DIGF), the system may access memory beyond the array boundaries. This occurs within the `dcn35 stream encoder create()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CVAT versions 2.8.1 through 2.52.0 **Description** CVAT is an interactive video and image annotation tool for computer vision. An attacker with an account on a CVAT instance can retrieve the contents of any file system directory accessible to the CVAT server. The exposed information includes the names of contained files and subdirectories, but not the file contents themselves. **Recommendations** Update to version 2.53.0 or later.

**Name of the Vulnerable Software and Affected Versions** Blurams Lumi Security Camera (A31C) version 23.0406.435.4120 **Description** An issue in the Blurams Lumi Security Camera allows attackers to execute arbitrary code. **Recommendations** For version 23.0406.435.4120, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blurams Lumi Security Camera (A31C) version 2.3.38.12558 **Description** An issue in the Blurams Lumi Security Camera allows a physically proximate attacker to execute arbitrary code. **Recommendations** For version 2.3.38.12558, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Meross MSG100 devices versions prior to 3.2.3 Description: The issue allows an attacker to replay the same data or similar data. For example, an attacker who intercepts a Close message can transmit an acceptable Open message. Recommendations: For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BASETech GE-131 BT-1837836 firmware version 20180921 **Description** The web-server in the system is configured with the option "DocumentRoot /etc", allowing an attacker with network access to download any files from the "/etc" folder without authentication. This issue can be exploited without the need for path traversal sequences, enabling unauthenticated remote attackers to gain access to sensitive information. **Recommendations** For BASETech GE-131 BT-1837836 firmware version 20180921, consider reconfiguring the web-server to restrict access to sensitive files in the "/etc" folder, or apply alternative security measures to prevent unauthorized file downloads until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BASETech GE-131 BT-1837836 firmware version 20180921 **Description** A predictable device ID in the firmware allows unauthenticated remote attackers to connect to the device. **Recommendations** For BASETech GE-131 BT-1837836 firmware version 20180921, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.17.1 through 2.18 Bugzilla version 2.19.1 Bugzilla version 2.19.2 **Description** The issue allows local users to potentially gain sensitive information from web logs or browser history when a user is prompted to log in while attempting to view a chart, as the password is displayed in the URL. **Recommendations** For Bugzilla versions 2.17.1 through 2.18, consider restricting access to web logs and browser history to minimize the risk of exploitation. For Bugzilla version 2.19.1, avoid using the password parameter in the affected login functionality until the issue is resolved. For Bugzilla version 2.19.2, as a temporary workaround, consider disabling the chart viewing feature for unauthenticated users until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.