Usu199

**Name of the Vulnerable Software and Affected Versions** AVL-DiTEST-DiagDev libdoip version 1.0.0 **Description** A problem was found in the function `DoIPConnection::reactOnReceivedTcpMessage` of the file `DoIPConnection.cpp`. The issue leads to a null pointer dereference. **Recommendations** For version 1.0.0, consider disabling the `DoIPConnection::reactOnReceivedTcpMessage` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** emqx neuron versions up to 2.10.0 **Description** A critical vulnerability has been found in emqx neuron, affecting the function `handle add plugin` in the library `cmd.library` of the file `plugins/restful/plugin handle.c`. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. **Recommendations** For versions up to 2.10.0, apply a patch to fix this issue. As a temporary workaround, consider disabling the `handle add plugin` function until a patch is available. Update to the latest release to mitigate risks.

**Name of the Vulnerable Software and Affected Versions** emqx neuron versions up to 2.10.0 **Description** A vulnerability was found in emqx neuron, affecting an unknown functionality of the file "/api/v2/schema" of the component JSON File Handler. This leads to information disclosure and can be launched remotely. **Recommendations** For emqx neuron versions up to 2.10.0, apply the patch c9ce39747e0372aaa2157b2b56174914a12c06d8 to fix this issue. As a temporary workaround, consider restricting access to the "/api/v2/schema" endpoint until the patch is applied. Update your systems to the latest release to mitigate risks.

**Name of the Vulnerable Software and Affected Versions** travels-java-api versions up to 5.0.1 **Description** A vulnerability was found in the travels-java-api, classified as problematic. The issue affects the function `doFilterInternal` of the file `travels-java-api-mastersrcmainjavaiogithubmariazevedo88travelsjavaapifiltersJwtAuthenticationTokenFilter.java` of the component JWT Secret Handler. This leads to the use of a hard-coded cryptographic key. The attack can be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. **Recommendations** For travels-java-api versions up to 5.0.1, consider updating to a version that addresses the use of hard-coded cryptographic keys, as no specific fixed version is mentioned in the provided information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.