Tim Brown

**Name of the Vulnerable Software and Affected Versions** IBM AIX versions 7.1 through 7.3 VIOS version 3.1 **Description** The issue allows a non-privileged local user to exploit a vulnerability in the AIX runtime services library, specifically due to the lack of neutralization of special elements used in the operating system command, to execute arbitrary commands. This is related to the `errlog()` system call function in the runtime services library of the IBM AIX operating system. **Recommendations** For IBM AIX versions 7.1 through 7.3, consider disabling the `errlog()` function as a temporary workaround until a patch is available. For VIOS version 3.1, consider restricting access to the runtime services library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM AIX versions 7.1 through 7.3 VIOS version 3.1 **Description** The issue exists due to the lack of neutralization of special elements used in the invscout command of the IBM AIX operating system. Exploitation of this issue may allow an attacker to execute arbitrary commands. A non-privileged local user could exploit the vulnerability in the invscout command. **Recommendations** For IBM AIX versions 7.1 through 7.3, consider disabling the invscout command until a patch is available. For VIOS version 3.1, consider disabling the invscout command until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** X11 Mesa 3D Graphics Library version 19.1.2 **Description** A shared memory permissions issue exists, allowing an attacker to access shared memory without specific permissions, potentially triggering the vulnerability. **Recommendations** For X11 Mesa 3D Graphics Library version 19.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Workload Automation for AIX versions 8.6 through 9.4 **Description** The issue is related to directories with improper permissions, which could allow a local user with special access to gain root privileges. **Recommendations** For versions 8.6 through 9.4, update the permissions of the affected directories to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM DB2 for Linux, UNIX and Windows versions 9.2, 10.1, 10.5, and 11.1 **Description** The issue is related to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. **Recommendations** For versions 9.2, 10.1, 10.5, and 11.1, update to a fixed version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD fglrx-driver versions prior to 15.9 **Description** The issue allows local users to gain privileges via a symlink attack. This is due to an incomplete fix for a previous issue. **Recommendations** For versions prior to 15.9, update to version 15.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AMD fglrx-driver versions prior to 15.7 **Description** The issue allows local users to gain privileges via a symlink attack. **Recommendations** For versions prior to 15.7, update to version 15.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 **Description** The issue concerns the hardware VPN client's failure to validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange. This allows remote attackers to perform a replay attack. **Recommendations** For version 2013070830/2013080900, consider disabling the hardware VPN client until a patch is available that properly validates the remote VPN endpoint identity. Restrict access to the VPN endpoint to minimize the risk of exploitation. Avoid initiating VPN exchanges with unverified endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 **Description** The issue is related to a lack of protection for service data in Mozilla Firefox. It allows a remote attacker to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. This can be done when NTLM v1 is enabled for HTTP authentication. **Recommendations** For versions prior to 42.0, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider disabling NTLM v1 for HTTP authentication to minimize the risk of exploitation. Restrict access to sensitive information and avoid using NTLM v1 for authentication until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SAP Enterprise Central Component (ECC) (affected versions not specified) **Description** The issue is related to an untrusted search path vulnerability. It allows local users to gain privileges via a Trojan horse program. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KDE-Runtime versions 4.14.3 and earlier kwebkitpart versions 1.3.4 and earlier kio-extras versions 5.1.1 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URI using various schemes, which is not properly handled in an error message. The affected schemes include `zip`, `trash`, `tar`, `thumbnail`, `smtps`, `smtp`, `smb`, `remote`, `recentdocuments`, `nntps`, `nntp`, `network`, `mbox`, `ldaps`, `ldap`, `fonts`, `file`, `desktop`, `cgi`, `bookmarks`, or `ar`. **Recommendations** For KDE-Runtime versions 4.14.3 and earlier, consider disabling the handling of crafted URIs using the affected schemes until a patch is available. For kwebkitpart versions 1.3.4 and earlier, restrict access to the vulnerable components to minimize the risk of exploitation. For kio-extras versions 5.1.1 and earlier, avoid using the affected schemes in error messages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HP Operations Agent version 11.00 **Description** The issue allows local users to gain privileges via unknown vectors when Glance is used. It is related to a privilege escalation vulnerability in HP xglance. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For HP Operations Agent version 11.00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlackBerry QNX Neutrino RTOS versions 6.4.x through 6.5.x **Description** The issue allows local users to gain privileges by providing an arbitrary program name as a command-line argument to `/sbin/ifwatchd`. **Recommendations** For BlackBerry QNX Neutrino RTOS versions 6.4.x through 6.5.x, consider restricting access to the `/sbin/ifwatchd` command to prevent local users from exploiting this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qt versions 4.4.0 through 4.7.5 Qt versions 4.8.x before 4.8.5 Qt version 5.0.0 qt-x11 versions (affected versions not specified) qt-demos-4.6.2 version qt-doc-4.6.2 version qt-examples-4.6.2 version qt-debuginfo-4.6.2 version qt-devel-4.6.2 version phonon-backend-gstreamer-4.6.2 version **Description** The vulnerability may lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited remotely. The QSharedMemory class in Qt uses weak permissions for shared memory segments, allowing local users to read sensitive information or modify critical program data. **Recommendations** For Qt versions 4.4.0 through 4.7.5, update to a version later than 4.7.5. For Qt versions 4.8.x before 4.8.5, update to version 4.8.5 or later. For Qt version 5.0.0, update to a version later than 5.0.0. For qt-x11, qt-demos-4.6.2, qt-doc-4.6.2, qt-examples-4.6.2, qt-debuginfo-4.6.2, qt-devel-4.6.2, and phonon-backend-gstreamer-4.6.2, update to a version that is not affected by the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected packages.

**Name of the Vulnerable Software and Affected Versions** Perl versions 5.12.x through 5.12.4 Perl versions 5.14.x through 5.14.2 Perl versions 5.15.x through 5.15.4 **Description** The issue is related to a heap-based buffer overflow in the Perl repeatcpy function, which can be exploited by context-dependent attackers. This can lead to a denial of service due to memory consumption and crash, or potentially allow the execution of arbitrary code. The exploitation is possible via the 'x' string repeat operator. **Recommendations** For Perl versions 5.12.x through 5.12.4, update to version 5.12.5 or later. For Perl versions 5.14.x through 5.14.2, update to version 5.14.3 or later. For Perl versions 5.15.x through 5.15.4, update to version 5.15.5 or later.

**Name of the Vulnerable Software and Affected Versions** OpenVAS Manager versions prior to 3.0.4 **Description** The issue allows remote attackers to execute arbitrary commands via specific fields in an OMP request. This is due to a problem in the send to sourcefire function in manage sql.c. **Recommendations** For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the send to sourcefire function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Konqueror in KDE version 4.7.3 **Description** The issue is related to a use-after-free vulnerability in the khtml/rendering/render replaced.cpp file. This vulnerability can be triggered when the context menu is shown and an iframe is being updated, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. **Recommendations** For Konqueror in KDE version 4.7.3, consider disabling the context menu feature as a temporary workaround until a patch is available. Restrict access to iframes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Konqueror in KDE versions prior to 4.9.3 **Description** The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, via a crafted web page. This is related to trying to reuse a frame with a null part. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDE version 4.7.3 kdelibs versions 4.3.4 **Description** The issue allows remote attackers to cause a denial of service and possibly read memory via large canvas dimensions, leading to an unexpected sign extension and a heap-based buffer over-read. Multiple vulnerabilities in the kdelibs package may lead to a violation of confidentiality and availability of protected information. These vulnerabilities can be exploited remotely. **Recommendations** For KDE version 4.7.3, consider updating to a newer version to mitigate the risk. For kdelibs versions 4.3.4, restrict access to sensitive information and consider updating to a newer version to mitigate the risk. As a temporary workaround, consider disabling the `scaledimageplane.h` function in Konqueror until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kdelibs versions 4.3.4 kdelibs-devel version 4.3.4 kdelibs-debuginfo version 4.3.4 kdelibs-apidocs version 4.3.4 kdelibs-common version 4.3.4 **Description** The issue concerns multiple vulnerabilities in the kdelibs package, which can lead to a disruption of confidentiality and availability of protected information. These vulnerabilities can be exploited remotely. The CSS parser in Konqueror is also affected, allowing remote attackers to cause a denial of service and possibly read memory via a crafted font face source, related to type confusion. **Recommendations** For kdelibs version 4.3.4, consider updating to a newer version to mitigate the risk. For kdelibs-devel version 4.3.4, consider updating to a newer version to mitigate the risk. For kdelibs-debuginfo version 4.3.4, consider updating to a newer version to mitigate the risk. For kdelibs-apidocs version 4.3.4, consider updating to a newer version to mitigate the risk. For kdelibs-common version 4.3.4, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the CSS parser in Konqueror to minimize the risk of exploitation.