Sginnora

**Name of the Vulnerable Software and Affected Versions** hashcat version 7.1.2 **Description** A heap-based buffer overflow exists in the `hex to binary` function within the PKZIP hash parser. This occurs when `data type enum` is less than or equal to 1, allowing attacker-controlled hex data from a user-supplied hash string to be decoded into a fixed-size buffer without proper input-length validation. This issue affects modules 17200, 17210, 17220, 17225, and 17230, and could lead to a denial of service or arbitrary code execution via a crafted PKZIP hash file. **Recommendations** As a temporary workaround, restrict the use of modules 17200, 17210, 17220, 17225, and 17230 until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open CASCADE Technology (OCCT) version V8 0 0 rc5 **Description** Two heap-based out-of-bounds read issues exist in the STL ASCII file parser within the `RWStl Reader::ReadAscii()` function. These occur because buffers returned by `Standard ReadLineBuffer::ReadLine()` are not properly length-validated before being used in `strncasecmp` or during direct byte access. A user-assisted attacker can trigger these issues by persuading a victim to open a specially crafted STL file containing extremely short lines, which may lead to a denial of service or information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** V2Board versions prior to 1.7.5 **Description** Cross-Site Scripting (XSS) occurs when the `custom html` field in the theme configuration is rendered using unescaped Blade output in the 'public/theme/v2board/dashboard.blade.php' file. An administrator can inject arbitrary JavaScript through the 'saveThemeConfig' API endpoint. This allows the execution of payloads for all site visitors, which can lead to session hijacking, cookie theft, or phishing. **Recommendations** Update to a version later than 1.7.4. As a temporary workaround, restrict access to the 'saveThemeConfig' API endpoint or avoid using the `custom html` field in the theme configuration.

**Name of the Vulnerable Software and Affected Versions** V2Board versions prior to 1.7.5 **Description** The server authentication token is accepted via a GET parameter in the `app/Http/Controllers/Server/UniProxyController.php` file. This causes the token to be exposed in URLs, such as the endpoint "/api/v1/server/UniProxy/user" through the `token` variable. Consequently, the sensitive information may be recorded in browser history, web server access logs, HTTP Referer headers, and proxy or CDN logs. An attacker with access to these logs can extract the token to impersonate a proxy server node and potentially intercept user traffic. **Recommendations** Update to a version later than 1.7.4. As a temporary mitigation, restrict access to the "/api/v1/server/UniProxy/user" endpoint to trusted IP addresses to minimize the risk of token exposure in logs.

**Name of the Vulnerable Software and Affected Versions** V2Board versions prior to 1.7.5 **Description** An issue exists where the `sort` parameter from user input is passed directly to the `User::orderBy()` function in the 'app/Http/Controllers/Admin/UserController.php' file without proper validation. This allows an authenticated administrator to perform SQL Injection via the ORDER BY clause, enabling them to sort users by any database column, including sensitive fields such as `password` and `remember token`, which leads to information disclosure through ordering analysis. **Recommendations** Update to a version later than 1.7.4. As a temporary workaround, restrict access to the administrative user management functions in 'app/Http/Controllers/Admin/UserController.php' to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MixPHP Framework versions 2.x through 2.2.17 **Description** An unsafe deserialization issue exists in the sync-invoke TCP server. The server receives data from a TCP socket and passes it directly to the `unserialize()` function within the `OpisClosure` namespace, subsequently executing the result via `call user func()`. Because the TCP connection lacks authentication or signature verification, an attacker with access to the localhost TCP port (where the server binds to 127.0.0.1) can send a crafted serialized PHP closure to achieve arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MixPHP Framework versions 2.x through 2.2.17 **Description** An unsafe deserialization issue exists in the sync-invoke client within the `Connection.php` file at line 76. The client uses the `unserialize()` function on data received from server responses, which can lead to client-side remote code execution (RCE) if the client connects to a malicious server. Unsafe deserialization occurs when untrusted data is used to instill an object, allowing an attacker to manipulate the object's state to execute arbitrary code. **Recommendations** Update MixPHP Framework to a version later than 2.2.17.

**Name of the Vulnerable Software and Affected Versions** MixPHP Framework versions 2.x through 2.2.17 **Description** An unsafe deserialization issue exists where the session and cache handlers utilize the `unserialize()` function on data retrieved from Redis within the `RedisHandler` object. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MixPHP Framework versions 2.x through 2.2.17 **Description** An unsafe deserialization issue exists where the session and cache handlers utilize the `unserialize()` function on data retrieved from the filesystem within the `FileHandler` object. Deserialization is the process of converting stored data back into an object, which can be dangerous if the data is untrusted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MixPHP Framework versions 2.x through 2.2.17 **Description** An issue exists where a crafted `data` array passed to the `data()` function in BuildHelper.php can lead to SQL injection, a technique that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** As a temporary workaround, restrict the use of the `data()` function in BuildHelper.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MixPHP Framework versions 2.x through 2.2.17 **Description** SQL injection allows an attacker to interfere with the queries that an application makes to its database. This issue occurs via a crafted `on` array passed to the `joinOn()` function within BuildHelper.php. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vanetza V2X version 26.02 **Description** A flaw in the GeoNetworking packet processing pipeline allows remote unauthorized attackers to cause a denial of service. The issue occurs because OpenSSL exceptions resulting from ECC point validation (such as an invalid compressed point or a point not on the curve) are not properly handled by the `Router::indicate()` call chain. Specifically, the `check()` function in `openssl wrapper.cpp` throws an `openssl::Exception` upon failure. While the `parse secured()` function contains a catch block, the exception escapes through the `indicate common` and `indicate extended` processing stages, leading to `std::terminate` and crashing the V2X receiver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AGL app-framework-binder (afb-daemon) versions prior to 19.90.1 **Description** A privilege escalation issue exists in the supervision Do command. The `on supervision call()` function in `src/afb-supervision.c` nullifies request credentials by calling `afb context change cred(&xreq->context, NULL)` before dispatching an API call. Because the `api` and `verb` parameters are controlled via JSON input, an attacker can execute any registered API with a NULL credential context. If an API relies on `context->credentials` for authorization, it may fail open, allowing the attacker to gain elevated privileges. **Recommendations** Update to a version later than 19.90.0.

[Content removed]

**Name of the Vulnerable Software and Affected Versions** cannelloni version 2.0.0 **Description** A buffer overflow occurs during CAN frame parsing. This issue exists within the `parseCANFrame()` function in parser.cpp and the `decodeFrame()` function in decoder.cpp. Remote attackers can exploit this by sending crafted CAN FD frames to cause a denial of service resulting in a crash, or potentially execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.