Rory Mcnamara

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: General information about the issue is not available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: General information about the issue is not available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: General information about the issue is not available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: General information about the issue is not available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: General information about the issue is not available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** langchain-experimental versions 0.0.15 through 0.0.21 **Description** The issue allows for Arbitrary Code Execution when retrieving values from the database. An attacker can exploit this by controlling the input prompt and executing arbitrary python code if the server is configured with VectorSQLDatabaseChain. This affects the confidentiality, integrity, and availability of the vulnerable component and the subsequent system. The attacker needs to influence the input prompt to exploit the issue. **Recommendations** For versions 0.0.15 through 0.0.21, consider disabling the `eval` function or restricting access to the VectorSQLDatabaseChain plugin as a temporary workaround until a patch is available. Restricting the input prompt to prevent unauthorized control can also help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** A theoretical request smuggling issue exists in Envoy, a cloud-native, open source edge and service proxy. This occurs when a server is tricked into adding an upgrade header into a response. According to RFC 7230, a server sends a 101 response when switching protocols, but Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade. This allows for the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response. The issue can be exploited by convincing Envoy that a TCP connection was successfully upgraded to WebSocket, which can be done by setting the `upgrade` and `connection` parameters to `websockets` and `upgrade`, respectively. After this, all requests sent to endpoints restricted by AuthorizationPolicy will pass successfully. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wpa supplicant (affected versions not specified) **Description** The issue is related to an uncontrolled search path element in wpa supplicant, allowing a local unprivileged attacker to escalate privileges to the user that wpa supplicant runs as, usually root. Membership in the netdev group or access to the dbus interface of wpa supplicant allows an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa supplicant process. The estimated number of potentially affected devices is in the millions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** snapd (affected versions not specified) **Description** The issue is related to the snapctl component within snapd, which allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorized action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar. The vulnerability may also allow a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Proxmox Virtual Environment versions 8.2.2 and earlier **Description** The issue is related to insufficient safeguards against malicious API response values in Proxmox Virtual Environment, allowing authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. This can result in arbitrary file read, potentially leading to full compromise of the system by disclosing sensitive files and allowing for privileged session forgery. Two endpoints were identified that can control the object returned by a request handler, allowing for the 'download' object to be defined and user-controlled. **Recommendations** For Proxmox Virtual Environment version 8.2.2, consider disabling the `handle api2 request` function until a patch is available to prevent arbitrary file read. Restrict access to the vulnerable API endpoints to minimize the risk of exploitation. Avoid using the `download` object in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SuperAGI versions all **Description** The issue is related to the incorrect management of code generation in the `eval()` function of the SuperAGI framework, which can be exploited by a remote attacker to execute arbitrary code and gain full control over the application. This can be achieved by manipulating the output data based on large language models (LLM). An attacker could induce the LLM output to exploit this vulnerability. **Recommendations** For all versions of SuperAGI, consider disabling the `eval()` function as a temporary workaround until a patch is available. Restrict access to the application server to minimize the risk of exploitation. Avoid using the `eval()` function in the SuperAGI application server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on ChromeOS versions prior to 115.0.5790.131 **Description** The issue is related to insufficient validation of untrusted input in Chromad, allowing a remote attacker to execute arbitrary code via a crafted shell script. The severity of this issue is classified as Low by Chromium. **Recommendations** For Google Chrome on ChromeOS versions prior to 115.0.5790.131, update to version 115.0.5790.131 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 88.0.4324.96 **Description** The issue is related to insufficient policy enforcement in the Cryptohome component of Google Chrome, which can allow a local attacker to perform OS-level privilege escalation via a crafted file. This is due to insecure privilege management. **Recommendations** For versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cryptohome component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on ChromeOS versions prior to 87.0.4280.66 **Description** The issue is related to an inappropriate implementation in the filesystem of Google Chrome on ChromeOS, which can be exploited by a remote attacker who has compromised the browser process. This exploitation can allow the attacker to bypass noexec restrictions via a malicious file, potentially leading to the execution of arbitrary code. **Recommendations** For Google Chrome on ChromeOS versions prior to 87.0.4280.66, update to version 87.0.4280.66 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Google Chrome OS versions prior to 62.0.3202.74 Description: The issue is related to insufficient restriction of IPP filters in CUPS, allowing a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file. This is also referred to as a printer zeroconfig CRLF issue. Recommendations: For Google Chrome OS versions prior to 62.0.3202.74, update to version 62.0.3202.74 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome OS versions prior to 59.0.3071.92 **Description** The issue is related to an inappropriate implementation in the image-burner component. A local attacker could potentially read local files by sending dbus-send commands to a BurnImage D-Bus endpoint, specifically the "/org/chromium/flashrom/BurnImage" endpoint, using variables such as `dbus-send` commands. **Recommendations** For Google Chrome OS versions prior to 59.0.3071.92, update to version 59.0.3071.92 or later to resolve the issue.