Sickcodes

**Name of the Vulnerable Software and Affected Versions** KeyChainActivity Application (affected versions not specified) **Description** The issue is related to missing permission checks, resulting in unauthorized access and manipulation in the KeyChainActivity Application. This allows an attacker to escalate privileges and manipulate KeyChain operations by sending a malicious Intent to KeyChainActivity. The vulnerability can be triggered through a malicious incoming intent. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gurock TestRail versions prior to 7.2.0.3014 **Description** The issue is related to improper access control, resulting in sensitive information exposure. A threat actor can access the "/files.md5" file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. These file paths can be tested, potentially leading to the disclosure of hardcoded credentials, API keys, or other sensitive data. **Recommendations** For versions prior to 7.2.0.3014, update to version 7.2.0.3014 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/files.md5" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Brave Browser Desktop versions prior to 1.28.62 **Description** An information disclosure issue exists where logged warning messages include timestamps of connections to V2 onion domains in tor.log. This issue affects versions prior to 1.28.62, where the server connection time for all v2 tor domains is permanently logged to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log. **Recommendations** For versions prior to 1.28.62, update to version 1.28.62 or later to resolve the issue. As a temporary workaround, consider restricting access to the tor.log file to minimize the risk of information disclosure.

**Name of the Vulnerable Software and Affected Versions** TeamworkCloud versions 18.0 through 19.0 **Description** The issue arises from an incorrect permission assignment during the installation script, allowing a local unprivileged attacker to execute arbitrary code as root. This occurs because the installation instructs setting the system environment file `/etc/environment` with world writable permissions (0777), enabling any local unprivileged user to write to `/etc/environment` and force all users, including root, to execute arbitrary code during the next login or reboot. Additionally, the entire home directory of the `twcloud` user at `/home/twcloud` is given world writable permissions, allowing any local unprivileged attacker to execute arbitrary code as `twcloud`. **Recommendations** For TeamworkCloud versions 18.0 through 19.0, consider removing world writable permissions from `/etc/environment` and the `/home/twcloud` directory to prevent arbitrary code execution. As a temporary workaround, restrict access to the `/etc/environment` file and the `twcloud` user's home directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below **Description** A local unprivileged attacker, such as a malicious App, can read and write to the `/data/vendor/tcl`, `/data/vendor/upgrade`, and `/var/TerminalManager` directories within the TV file system. This allows an attacker, such as a malicious APK or local unprivileged user, to perform fake system upgrades by writing to the `/data/vendor/upgrade` folder. **Recommendations** For TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below: consider restricting access to the `/data/vendor/tcl`, `/data/vendor/upgrade`, and `/var/TerminalManager` directories to prevent unauthorized read and write operations. For TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below: consider restricting access to the `/data/vendor/tcl`, `/data/vendor/upgrade`, and `/var/TerminalManager` directories to prevent unauthorized read and write operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below **Description** A vulnerability in the TCL Android Smart TV series allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network can download most system files, leading to serious critical information disclosure. Some TV models and/or firmware versions may expose the web server with the entire file system accessible on another port. **Recommendations** For TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below: As a temporary workaround, consider disabling access to the insecure web server running on port 7989 until a patch is available. For TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below: Restrict access to the web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Private Internet Access (PIA) VPN Client for Linux versions 1.5 through 2.3 **Description** A vulnerability in the Private Internet Access (PIA) VPN Client for Linux allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. This occurs when the kill switch is configured to block all inbound and outbound network traffic, but privileged applications can continue sending and receiving network traffic if `net.ipv4.ip forward` has been enabled in the system kernel parameters. For instance, a Docker container running on a host with the VPN turned off and the kill switch turned on can continue using the internet, potentially leaking the host IP. **Recommendations** For Private Internet Access (PIA) VPN Client for Linux versions 1.5 through 2.3, consider updating to version 2.4.0 or later, which enables policy-based routing by default to direct all forwarded packets to the VPN interface automatically. As a temporary workaround, consider disabling the `net.ipv4.ip forward` option in the system kernel parameters to prevent privileged applications from bypassing the kill switch mechanism.