Tahaa Farooq

**Name of the Vulnerable Software and Affected Versions** Gallery3d on Tecno Camon X CA7 devices (affected versions not specified) **Description** The issue allows attackers to view hidden images by navigating to the `data/com.android.gallery3d/.privatealbum/.encryptfiles` directory and guessing the correct image file extension. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YeaLinkSIP-T19P-E2 version 53.84.0.15 **Description** An issue in the diagnostic component of YeaLinkSIP-T19P-E2 allows a remote privileged attacker to execute arbitrary code via a crafted request to the ping function. **Recommendations** For YeaLinkSIP-T19P-E2 version 53.84.0.15, consider disabling the diagnostic component's ping function as a temporary workaround until a patch is available. Restrict access to the diagnostic component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.