Sean Melia

**Name of the Vulnerable Software and Affected Versions** PDFreactor versions prior to 10.1.10722 **Description** The issue is related to a lack of validation in the HTML parser, which can lead to Server-Side Request Forgery (SSRF). This allows attackers to access network or file resources on behalf of the server by supplying malicious HTML content. **Recommendations** For versions prior to 10.1.10722, update to version 10.1.10722 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RealObjects PDFreactor versions prior to 10.1.10722 **Description** The issue allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions. This is due to an XXE (XML External Entity) issue in the XML parser library. **Recommendations** For versions prior to 10.1.10722, update to version 10.1.10722 or later to resolve the issue. As a temporary workaround, consider restricting the use of externally referenced resources in the XML parser library until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Wowza Streaming Engine version 4.7.4.01 **Description** The issue allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. This is related to the REST API in Wowza Streaming Engine. **Recommendations** For Wowza Streaming Engine version 4.7.4.01, consider restricting access to the REST API to minimize the risk of exploitation. As a temporary workaround, limit the ability to traverse the directory structure and retrieve files via remote HTTP requests until a patch is available.