Sheikh Rishad

**Name of the Vulnerable Software and Affected Versions** Synology Assistant versions prior to 7.0.6-50085 **Description** An origin validation error allows local users to write arbitrary files with restricted content during the installation process. **Recommendations** Update to version 7.0.6-50085 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Active Backup for Business Agent versions prior to 3.1.0-4967 **Description** An origin validation error occurs during installation, which allows local users to write arbitrary files containing restricted content. **Recommendations** Update to version 3.1.0-4967 or later.

**Name of the Vulnerable Software and Affected Versions** Synology ActiveProtect Agent versions prior to 1.1.0-0439 **Description** An origin validation error occurs during installation, allowing local users to write arbitrary files with restricted content. **Recommendations** Update to version 1.1.0-0439 or later.

**Name of the Vulnerable Software and Affected Versions** Synology BeeDrive for desktop versions prior to 1.4.3-13973 **Description** A flaw exists in BeeDrive that allows local users to write arbitrary files containing non-sensitive information. The issue is due to an origin validation error. **Recommendations** Update Synology BeeDrive for desktop to version 1.4.3-13973 or later.

**Name of the Vulnerable Software and Affected Versions:** ESET security products versions (affected versions not specified) **Description:** The installation file of ESET security products on Windows allows an attacker to delete an arbitrary file without the necessary permissions. An attacker with the ability to execute low-privileged code on the target system can exploit this issue to escalate their privileges. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel Unite android application versions prior to 4.2.3504 **Description** The issue is related to improper access control in the Intel Unite android application, which may allow an authenticated user to potentially enable information disclosure via local access. This could permit an attacker to gain unauthorized access to information. **Recommendations** For versions prior to 4.2.3504, update to version 4.2.3504 or later to resolve the issue. As a temporary workaround, consider restricting local access to the application until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Support android application versions prior to v23.02.07 **Description** The issue is related to incorrect default permissions in the Intel(R) Support android application, which may allow a privileged user to potentially enable information disclosure via local access. This could permit an attacker to gain unauthorized access to information. **Recommendations** For versions prior to v23.02.07, update to version v23.02.07 or later to resolve the issue. As a temporary workaround, consider restricting local access to the application until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Oracle Mobile Security Suite versions prior to 11.1.2.3.1 **Description** The issue is related to errors in processing input data in the Android Mobile Authenticator App component of the Oracle Mobile Security Suite product. This can allow an attacker to gain unauthorized access to protected information. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data. **Recommendations** For versions prior to 11.1.2.3.1, update to version 11.1.2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Smart Campus Android application versions prior to 9.9 **Description** The issue concerns uncontrolled resource consumption, which may allow an authenticated user to potentially enable denial of service via local access. **Recommendations** For versions prior to 9.9, update to version 9.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WARP client for Android (affected versions not specified) **Description** The issue is caused by a misconfiguration in the manifest file of the WARP client for Android, allowing a task hijacking attack. An attacker can create a malicious mobile application to hijack legitimate apps and steal potentially sensitive information when installed on the victim's device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD Link Android app (affected versions not specified) **Description** The issue is related to insufficient access controls, which may potentially result in information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Navigator Mobile Android versions 3.4.1.1 through 3.4.1.2 **Description** The issue is related to improper access control, which could allow a local user to obtain sensitive information. This is due to errors in authorization. **Recommendations** For versions 3.4.1.1 and 3.4.1.2, consider restricting access to sensitive information until a patch is available. As a temporary workaround, review and strengthen access control mechanisms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Connect M Android application versions prior to 1.7.4 **Description** The issue concerns incorrect default permissions that may allow an authenticated user to potentially enable information disclosure via local access. **Recommendations** For versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Datacenter Group Event iOS application (affected versions not specified) **Description** The issue concerns insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, which may allow an unauthenticated user to potentially enable information disclosure via network access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Support Android application versions prior to 21.07.40 **Description** The issue is related to incorrect default permissions in the Intel(R) Support Android application, which may allow an authenticated user to enable information disclosure via local access. **Recommendations** For versions prior to 21.07.40, update to version 21.07.40 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Smart Campus Android application versions prior to 6.1 **Description** The issue is related to improper access control, which may allow an authenticated user to potentially enable information disclosure via local access. **Recommendations** For versions prior to 6.1, update to version 6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Capital Global Summit Android application (affected versions not specified) **Description** The issue is related to improper access control, which may allow an authenticated user to enable information disclosure via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RXT for Chromebook (affected versions not specified) **Description** The issue concerns incorrect default permissions in the Intel(R) RXT for Chromebook application. This may allow an authenticated user to potentially enable information disclosure via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.