Tin-Z

**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice (affected versions not specified) **Description** The issue is related to the execution of links in Apache OpenOffice documents that can call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. These links can be activated by clicks or by automatic document events. The execution of such links must be subject to user approval. However, in the affected versions of OpenOffice, approval for certain links is not requested, which could result in arbitrary script execution. This is due to insufficient input validation when processing arguments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tcpreplay version 4.4.1 **Description** The issue is a memory leakage flaw in the `fix ipv6 checksums()` function. This flaw poses the highest threat to data confidentiality. **Recommendations** For Tcpreplay version 4.4.1, consider disabling the `fix ipv6 checksums()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libwav through 2017-04-20 **Description** The issue is related to the function `wav format write` in `libwav.c`, which has an Use of Uninitialized Variable vulnerability. This means that the function uses a variable before it has been initialized, potentially leading to unpredictable behavior. **Recommendations** For libwav through 2017-04-20, as a temporary workaround, consider disabling the `wav format write` function until a patch is available. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.