Titan Team

**Name of the Vulnerable Software and Affected Versions** linkingvision rapidvms versions prior to PR#96 **Description** An improper restriction of operations within the bounds of a memory buffer exists in linkingvision rapidvms. This issue could potentially allow for unauthorized access or manipulation of data due to insufficient boundary checks when handling memory operations. **Recommendations** Update linkingvision rapidvms to PR#96 or later.

**Name of the Vulnerable Software and Affected Versions** linkingvision rapidvms versions prior to PR#96 **Description** An improper restriction of operations within the bounds of a memory buffer exists in linkingvision rapidvms. This issue could potentially allow for unintended consequences due to insufficient memory boundary checks. **Recommendations** Update linkingvision rapidvms to PR#96 or a later version to address this issue.

**Name of the Vulnerable Software and Affected Versions** ncmdump versions prior to 1.4.0 **Description** A NULL pointer dereference issue exists in taurusxin ncmdump within the `src/utils` modules, specifically related to the cJSON.Cpp program files. This can lead to unexpected behavior or program crashes. **Recommendations** Update ncmdump to version 1.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** perf-ninja (affected versions not specified) **Description** An improper control of code generation issue, specifically a code injection flaw, exists in the ldo.C module within perf-ninja’s labs/misc/pgo/lua components. This allows for the injection of Lua bytecode, potentially leading to remote code execution (RCE) accessible over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** linkingvision rapidvms versions prior to PR#96 **Description** An issue exists in linkingvision rapidvms related to an improper restriction of operations within the bounds of a memory buffer. This condition could potentially allow for unauthorized access or manipulation of data. **Recommendations** Update linkingvision rapidvms to PR#96 or a later version.

**Name of the Vulnerable Software and Affected Versions** timeplus-io proton versions prior to 1.6.16 **Description** An out-of-bounds write issue exists in the inflate.C file within the base/poco/Foundation/src modules of proton. This flaw is a heap smash, potentially leading to remote code execution. The issue is network-reachable and does not require authentication, potentially allowing for full system compromise. **Recommendations** Update to a version of timeplus-io proton version 1.6.16 or later.

**Name of the Vulnerable Software and Affected Versions** No-Chicken Echo-Mate versions prior to V250329 **Description** A Use After Free issue exists in No-Chicken Echo-Mate within the rmap.C program files, specifically in the mm modules of the SDK/rv1106-sdk/sysdrv/source/kernel directory. This condition occurs due to improper memory management, potentially allowing for unexpected behavior or code execution. **Recommendations** Update No-Chicken Echo-Mate to version V250329 or later.

**Name of the Vulnerable Software and Affected Versions** InsightSoftwareConsortium ITK versions prior to 2.7.1 **Description** An integer overflow or wraparound condition exists in the Expat parser within the ITK software. This issue is network-reachable and allows for automatable exploitation. The vulnerability is located in the `expat` modules under the `Modules/ThirdParty/Expat/src` directory. **Recommendations** Update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** OSGeo gdal versions prior to 3.11.0 **Description** A flaw exists in OSGeo gdal related to improper restriction of operations within the bounds of a memory buffer. This issue is located in the `frmts/zlib/contrib/infback9` modules, specifically within the `inftree9.c` file. The problem stems from incorrect pointer arithmetic in the bundled zlib library, potentially allowing attackers to corrupt heap memory through malformed compressed data, which could lead to remote code execution. **Recommendations** Update to version 3.11.0 or later.

**Name of the Vulnerable Software and Affected Versions** Notepad3 versions prior to 6.25.714.1 **Description** An out-of-bounds read issue exists in the rizonesoft Notepad3 application, specifically within the `scintilla`, `oniguruma`, and `src` modules. The issue is related to the `regcomp.C` program file. This is a parser vulnerability where malicious regular expressions can lead to remote code execution. **Recommendations** Update Notepad3 to version 6.25.714.1 or later.

**Name of the Vulnerable Software and Affected Versions** visualfc liteide versions prior to x38.4 **Description** An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') exists in visualfc liteide within the `http parser.C` program files and the `liteidex/src/3rdparty/qjsonrpc/src/http-parser` modules. This issue could allow for the smuggling of HTTP requests and responses. **Recommendations** Update to version x38.4 or later.

**Name of the Vulnerable Software and Affected Versions** albfan Miraclecast versions prior to 1.0 **Description** A security issue exists in albfan Miraclecast. The nature of the issue is unspecified. **Recommendations** Update to a version newer than or equal to 1.0.

**Name of the Vulnerable Software and Affected Versions** JoyConDroid versions through 1.0.93 **Description** A flaw exists in JoyConDroid related to improper limitation of a pathname to a restricted directory, also known as a path traversal. This issue is found in the `UnzipUtil.Java` file within the `app/src/main/java/com/rdapps/gamepad/util` modules. **Recommendations** Update JoyConDroid to a version later than 1.0.93.

**Name of the Vulnerable Software and Affected Versions** yoyofr modizer versions prior to 4.3 **Description** A memory buffer issue exists within the modizer software, specifically in the libcurl IMAP handler. This issue allows for operations outside the intended memory boundaries. The vulnerability is network-exploitable and has a high severity. The affected files include imap.C. **Recommendations** Update to version 4.3 or later.

**Name of the Vulnerable Software and Affected Versions** No-Chicken Echo-Mate versions prior to V250329 **Description** An improper handling of values issue exists in No-Chicken Echo-Mate within the netfilter modules (files `nf tables.H`, `nft byteorder.C`, and `nft meta.C`). **Recommendations** Update to version V250329 or later.

**Name of the Vulnerable Software and Affected Versions** chunjun versions prior to 1.16.1 **Description** An unreliable data deserialization issue exists in DTStack chunjun, specifically within the `chunjun-core/src/main/java/com/dtstack/chunjun/util` modules. The problem is linked to the `GsonUtil.Java` program files. **Recommendations** Update chunjun to version 1.16.1 or later.

**Name of the Vulnerable Software and Affected Versions** ART versions prior to 1.25.12 **Description** An integer overflow or wraparound issue exists in the ART raw image editor’s `rtengine` modules, specifically related to the dcraw.C program file. This can potentially lead to unexpected behavior or crashes. **Recommendations** Update to version 1.25.12 or later.

**Name of the Vulnerable Software and Affected Versions** furnace versions prior to 0.7 **Description** An out-of-bounds read issue exists in the furnace software within the extern/libsndfile-modified/src modules when processing flac.C program files. **Recommendations** Update to a version of furnace at or after version 0.7.

**Name of the Vulnerable Software and Affected Versions** ixray-team ixray-1.6-stcop versions prior to 1.3 **Description** A flaw exists that can lead to the exposure of sensitive information to an unauthorized actor. The issue affects ixray-team ixray-1.6-stcop. **Recommendations** Update ixray-team ixray-1.6-stcop to version 1.3 or later.

**Name of the Vulnerable Software and Affected Versions** WujekFoliarz DualSenseY-v2 versions prior to 54 **Description** An out-of-bounds write issue exists in WujekFoliarz DualSenseY-v2. This allows for potential unauthorized access or modification of data. **Recommendations** Update WujekFoliarz DualSenseY-v2 to version 54 or later.