Stefan Schiller

**Name of the Vulnerable Software and Affected Versions** OSV-SCALIBR (affected versions not specified) **Description** The issue allows for arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. This is particularly problematic when using the CLI flag --remote-image on untrusted container images. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 (affected versions not specified) Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. The specific flaw exists within the handling of SSIDs embedded in scanned QR codes, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla versions 5.0.2 and below Joomla versions 4.4.2 and below **Description** Inadequate content filtering in Joomla leads to multiple XSS vulnerabilities in various components. Attackers can trick administrators into clicking on a malicious link, potentially granting them full control of the website and allowing for remote code execution (RCE). The issue is estimated to affect over 2.7 million services, mainly distributed in the United States, Germany, and other countries. **Recommendations** For Joomla versions 5.0.2 and below: Update to a version with the fix for this issue. For Joomla versions 4.4.2 and below: Update to a version with the fix for this issue. As a temporary workaround, consider restricting access to administrative areas of the website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Allura versions 1.0.1 through 1.15.0 **Description** The issue allows project administrators to import attachments with unrestricted URL values, potentially causing Apache Allura to read local files and expose them. This exposure can lead to other exploits, such as session hijacking or remote code execution. **Recommendations** For versions 1.0.1 through 1.15.0, upgrade to version 1.16.0 to fix the issue. If upgrading is not possible, set "disable entry points.allura.importers = forge-tracker, forge-discussion" in the .ini config file as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** Apache Guacamole versions 1.5.1 and older **Description** The issue arises from incorrect calculations of instruction element lengths during the Guacamole protocol handshake. This could allow an attacker to inject Guacamole instructions through specially-crafted data. **Recommendations** For Apache Guacamole versions 1.5.1 and older, update to a version newer than 1.5.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Guacamole versions 0.9.10 through 1.5.1 **Description** The issue allows an attacker to execute arbitrary code with the privileges of the guacd process, depending on timing, as Apache Guacamole may continue to reference a freed RDP audio input buffer. **Recommendations** For Apache Guacamole versions 0.9.10 through 1.5.1, update to a version that fixes the issue with referencing freed RDP audio input buffers to prevent arbitrary code execution with the privileges of the guacd process.

**Name of the Vulnerable Software and Affected Versions** Apache OpenMeetings versions 3.1.3 through 7.1.0 **Description** The issue allows an attacker with access to certain private information to impersonate other users. **Recommendations** For Apache OpenMeetings versions 3.1.3 through 7.1.0, update to version 7.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache OpenMeetings versions 2.0.0 through 7.1.0 **Description** The issue allows an attacker with admin account access to perform remote code execution (RCE) via null-byte injection. **Recommendations** For Apache OpenMeetings versions 2.0.0 through 7.1.0, update to version 7.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache OpenMeetings versions 2.0.0 through 7.1.0 **Description** The issue is related to insufficient comparison in the Apache OpenMeetings video conferencing software. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For Apache OpenMeetings versions 2.0.0 through 7.1.0, update to a version after 7.1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pretalx versions 2.3.1 through 2.3.1 **Description** The issue allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting of an arbitrary file with the standard pretalx 404 page content. **Recommendations** For pretalx version 2.3.1, update to version 2.3.2 to resolve the issue. As a temporary workaround, consider disabling the HTML export feature until a patch is available. Restrict access to the HTML export module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pretalx versions 2.3.1 through 2.3.1 **Description** The issue allows path traversal in HTML export, a non-default feature. Users can upload crafted HTML documents that trigger the reading of arbitrary files. **Recommendations** For pretalx version 2.3.1, update to version 2.3.2 to resolve the issue. As a temporary workaround, consider disabling the HTML export feature until a patch is available. Restrict access to the HTML export module to minimize the risk of exploitation. Avoid using the HTML export feature in the affected version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenNMS Meridian versions prior to 2023.1.0 OpenNMS Horizon versions prior to 31.0.4 **Description** The issue is related to unauthenticated, stored cross-site scripting in the display of alarm reduction keys, which could allow an attacker to access confidential session information. This is due to inadequate protection of the web page structure. The exploitation of this issue may enable a remote attacker to gain unauthorized access to protected session information. **Recommendations** For OpenNMS Meridian versions prior to 2023.1.0, upgrade to Meridian 2023.1.0 or newer. For OpenNMS Horizon versions prior to 31.0.4, upgrade to Horizon 31.0.4. As a temporary workaround, consider restricting access to the alarm reduction keys display to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NETGEAR RAX30 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Checkmk versions 1.6.0 through 1.6.0p29 Checkmk versions 2.0.0 through 2.0.0p27 Checkmk versions 2.1.0 through 2.1.0p10 **Description** The issue allows an attacker to inject and execute PHP code in the `auth.php` and `hosttags.php` files of the watolib component, which will be executed upon request of the vulnerable component. **Recommendations** For Checkmk versions 1.6.0 through 1.6.0p29, update to a version later than 1.6.0p29. For Checkmk versions 2.0.0 through 2.0.0p27, update to a version later than 2.0.0p27. For Checkmk versions 2.1.0 through 2.1.0p10, update to a version later than 2.1.0p10.

**Name of the Vulnerable Software and Affected Versions** Checkmk versions 2.1.0 through 2.1.0p11 **Description** The issue allows an attacker to perform a limited Server-Side Request Forgery (SSRF) in the agent-receiver component, enabling communication with local network restricted endpoints through the host registration API. **Recommendations** For Checkmk versions 2.1.0 through 2.1.0p11, as a temporary workaround, consider restricting access to the host registration API until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Checkmk versions 1.6.0 through 2.1.0p11 Checkmk versions 2.0.0 through 2.0.0p28 **Description** The issue allows an attacker to perform direct queries to the application's core from localhost by injecting Livestatus Query Language (LQL) in the AuthUser HTTP query header. **Recommendations** For Checkmk versions 1.6.0 through 2.1.0p11, update to a version later than 2.1.0p11. For Checkmk versions 2.0.0 through 2.0.0p28, update to a version later than 2.0.0p28. As a temporary workaround, consider restricting access to the AuthUser HTTP query header until a patch is available.

**Name of the Vulnerable Software and Affected Versions** mpv versions through 0.33.0 **Description** A format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. **Recommendations** For versions through 0.33.0, update to a version later than 0.33.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.