Simon Scannell

**Name of the Vulnerable Software and Affected Versions** OSV-SCALIBR (affected versions not specified) **Description** The issue allows for arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. This is particularly problematic when using the CLI flag --remote-image on untrusted container images. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kernel-image-rpi-un version 6.1.77-alt1 Linux Kernel versions >=5.4 kernel-image-std-def version 5.10.179-alt1 Linux Kernel 5.3.18-150200 24 166 **Description** The Linux kernel is susceptible to a vulnerability stemming from an incorrect verifier pruning in BPF. This flaw allows unsafe code paths to be incorrectly marked as safe, potentially leading to arbitrary read/write access in kernel memory, lateral privilege escalation, and container escape. The vulnerability affects Linux Kernel versions 5.4 and later. The `backtrack insn()` function within the kernel/bpf/verifier.c module is implicated in this issue. **Recommendations** Update kernel-image-rpi-un to version 6.1.77-alt1. Update kernel-image-std-def to version 5.10.179-alt1. Update Linux Kernel 5.3.18-150200 24 166 to a fixed version. Update Linux Kernel to a version greater than or equal to 5.4 with the fix applied.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier **Description** The vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. **Recommendations** For ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier, consider disabling the DMG file parser until a patch is available. Restrict access to the ClamAV scanning process to minimize the risk of exploitation. Avoid using the XML entity substitution feature in the ClamAV scanning library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions 1.0.0 and earlier ClamAV versions 0.105.1 and earlier ClamAV versions 0.103.7 and earlier **Description** The issue is related to a missing buffer size check in the HFS+ partition file parser of ClamAV, which may result in a heap buffer overflow write. An attacker could exploit this by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process or crash the process, resulting in a denial of service condition. **Recommendations** For ClamAV versions 1.0.0 and earlier, update to version 1.0.1 or later. For ClamAV versions 0.105.1 and earlier, update to version 0.105.3 or later. For ClamAV versions 0.103.7 and earlier, update to version 0.103.8 or later. As a temporary workaround, consider restricting access to the HFS+ partition file parser until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 6.0.3 **Description** The issue allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. **Recommendations** For WordPress versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue. As a temporary workaround, consider disabling the WordPress Post by Email Feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RainLoop versions through 1.6.0 **Description** The issue allows for XSS via a crafted email message in the Email Viewer. This can potentially be exploited to steal users' emails. **Recommendations** For versions through 1.6.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting the use of the Email Viewer until a patch is available. Avoid using the Email Viewer with crafted email messages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration (aka ZCS) versions 8.8.15 through 9.0.0 **Description** The issue allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, causing an overwrite of arbitrary cached entries. This can be exploited to execute arbitrary commands and potentially steal user credentials. The vulnerability is being actively exploited. **Recommendations** For Zimbra Collaboration (aka ZCS) versions 8.8.15 through 9.0.0, update to version 8.8.15 P31.1 or 9.0.0 P24.1 to resolve the issue. As a temporary workaround, consider restricting access to memcache commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 **Description** The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. **Recommendations** For versions prior to 5.8.3, update to version 5.8.3 or later. For versions prior to 3.7.37, update to version 3.7.37 or later. As a general measure, keep auto-updates enabled to ensure the latest security patches are applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 **Description** Low-privileged authenticated users, such as authors, in the WordPress core are able to execute JavaScript and perform a stored XSS attack, which can affect high-privileged users. **Recommendations** For WordPress versions prior to 5.8.3, update to version 5.8.3 or later. For WordPress versions prior to 3.7.37, update to version 3.7.37 or later. Keep auto-updates enabled to ensure the latest security patches are applied. As a temporary workaround, consider restricting access to sensitive areas of the WordPress core until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Squirrel versions 2.2.5 and earlier Squirrel versions 3.x through 3.1 **Description** The issue allows an out-of-bounds read in the core interpreter, leading to code execution. If a victim executes an attacker-controlled Squirrel script, it is possible for the attacker to break out of the Squirrel script sandbox, even if all dangerous functionality, such as File System functions, has been disabled. An attacker might abuse this bug to target Cloud services that allow customization via Squirrel scripts or distribute malware through video games that embed a Squirrel Engine. **Recommendations** For Squirrel versions 2.2.5 and earlier, update to a version later than 2.2.5. For Squirrel versions 3.x through 3.1, update to a version later than 3.1. As a temporary workaround, consider disabling the execution of Squirrel scripts from untrusted sources until a patch is available. Restrict access to the Squirrel Engine to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Invision Community versions prior to 4.6.5.1 **Description** The issue allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML). **Recommendations** For versions prior to 4.6.5.1, update to version 4.6.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of admins to install widgets and use the templating engine until a patch is applied. Additionally, restrict access to the Edit HTML feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Invision Community versions prior to 4.6.5.1 **Description** The issue allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt rand function. This predictability can be exploited to conduct reflected XSS attacks. **Recommendations** For versions prior to 4.6.5.1, update to version 4.6.5.1 or later to resolve the issue. As a temporary workaround, consider restricting file uploads until the update is applied.

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.0 through 8.8.15 Patch 22 Zimbra Collaboration Suite versions 9.0.0 through 9.0.0 Patch 15 Description: An issue was discovered in ProxyServlet.java in the /proxy servlet. The value of the `X-Host` header overwrites the value of the `Host` header in proxied requests. The value of `X-Host` header is not checked against the whitelist of hosts Zimbra is allowed to proxy to, which is defined by the `zimbraProxyAllowedDomains` setting. Recommendations: For Zimbra Collaboration Suite versions 8.8.0 through 8.8.15 Patch 22, update to version 8.8.15 Patch 23 or later. For Zimbra Collaboration Suite versions 9.0.0 through 9.0.0 Patch 15, update to version 9.0.0 Patch 16 or later. As a temporary workaround, consider restricting the `X-Host` header to only allow trusted hosts until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.x through 8.8.15 Patch 22 Description: An issue was discovered in the Calendar Invite component, specifically in ZmMailMsgView.js. This issue allows an attacker to place HTML containing executable JavaScript inside element attributes, which becomes unescaped and causes arbitrary markup to be injected into the document. Recommendations: For Zimbra Collaboration Suite versions 8.8.x through 8.8.15 Patch 22, update to version 8.8.15 Patch 23 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Calendar Invite component until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions prior to 9.0 Description: An open redirect issue exists in the /preauth Servlet. To exploit this, an attacker needs a valid zimbra auth token or preauth token. With the token, an attacker can redirect a user to any URL using the "isredirect=1&redirectURL=" parameter in conjunction with the token data, such as a valid "authtoken=" value. Recommendations: For Zimbra Collaboration Suite versions prior to 9.0, update to version 9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /preauth Servlet to minimize the risk of exploitation. Avoid using the "isredirect=1&redirectURL=" parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.3.1 **Description** The issue is related to a Cross-Site Scripting (XSS) error in the block editor of the WordPress content management system. This error can be exploited by authenticated users with lower privileges, such as contributors, who can inject JavaScript code in the block editor. The injected code is executed within the dashboard, which can lead to an admin opening the affected post in the editor, resulting in an XSS attack. This can allow a remote attacker to compromise the integrity of the data. **Recommendations** For versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the block editor for lower-privileged users until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.21 **Description** The issue is related to a parsing flaw in the Private Message / Post renderer, specifically a nested video MyCode issue, which can lead to persistent XSS. This allows an attacker to potentially take over any forum account. **Recommendations** For versions prior to 1.8.21, update to version 1.8.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.21 **Description** The issue allows an attacker to create a PHP shell in the cache directory of a targeted forum via a crafted XML import. This is achieved by exploiting a default behavior of MySQL on many systems, where strings that are too long for a database column are truncated. For example, a string like `aaaaaaaaaaaaaaaaaaaaaa.php.css` can be truncated to `aaaaaaaaaaaaaaaaaaaaaa.php` due to a 30-character limit, leading to remote code execution. **Recommendations** For MyBB versions prior to 1.8.21, update to version 1.8.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The GD Graphics Library version 2.2.5 **Description** The issue is related to a double free error in the `gdImage*Ptr()` functions within the files `gd gif out.c`, `gd jpeg.c`, and `gd wbmp.c` of the graphic library. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For version 2.2.5, consider updating to a newer version that addresses the double free error in the `gdImage*Ptr()` functions to prevent potential exploitation. As a temporary workaround, consider restricting the use of the `gdImage*Ptr()` functions in `gd gif out.c`, `gd jpeg.c`, and `gd wbmp.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpBB versions prior to 3.2.4 **Description** The issue allows for Remote Code Execution through Object Injection by utilizing Phar deserialization. This can be achieved by passing an absolute path to a file exists check. The exploitation of this issue requires access to the Admin Control Panel with founder permissions. **Recommendations** For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin Control Panel to minimize the risk of exploitation.