Trung Nguyen

**Name of the Vulnerable Software and Affected Versions** Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 **Description** Improper Isolation or Compartmentalization allows an administrator with sufficient entitlements for Implementations to create a malicious Groovy class. This class can contain untrusted code that reaches a non-sandboxed execution path through the class static initializer, potentially leading to remote code execution. **Recommendations** For versions 3.0 through 3.0.16, 4.0 through 4.0.5, and 4.1.0, upgrade to version 4.0.6 or 4.1.1.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 7.0.0 **Description** The issue in QEMU's softmmu/physmem.c file can lead to an uninitialized read on the translate fail path, resulting in an io readx or io writex crash. A third party notes that this might not be considered a security bug according to the Non-virtualization Use Case in the qemu.org reference. The vulnerability is related to the use of an uninitialized variable in the address space translate for iotlb() function, which could allow an attacker to cause a denial of service or execute arbitrary code. **Recommendations** For QEMU versions prior to 7.0.0, consider updating to a version that includes the fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.