Victorv

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Gateway (RD Gateway) (affected versions not specified) **Description** The issue is related to a denial-of-service vulnerability in the Windows Remote Desktop Gateway (RD Gateway). It is associated with synchronization errors when using a shared resource. Exploitation of this issue can allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Services (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code, affecting the system. This can lead to significant security breaches. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Services (affected versions not specified) **Description** The issue is related to the storage of sensitive data in improperly locked memory in Windows Remote Desktop Services. This can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services (affected versions not specified) Description: The issue is related to the use of memory after it has been freed in Microsoft Windows Remote Desktop Services. This can allow a remote attacker to execute arbitrary code. The vulnerability may be exploited by a remote attacker, potentially leading to the execution of malicious code. Multiple vulnerabilities in Microsoft RDP services have been identified, including remote code execution and denial of service issues. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services (affected versions not specified) Description: The issue is related to a remote code execution problem in Windows Remote Desktop Services. It involves the initialization of an insecure variable by default. Exploitation of this issue could allow a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services (affected versions not specified) Description: The issue is related to a remote code execution problem in the Windows Remote Desktop Services, which is associated with the use of memory after it has been freed. This can allow a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services (affected versions not specified) Description: The issue is related to a remote code execution problem in the Windows Remote Desktop Services, which is associated with data type mixing errors. This allows a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Protocol Server (affected versions not specified) Description: The issue is related to a use after free vulnerability in the Remote Desktop Protocol Server of Windows operating systems, which can allow a remote attacker to execute arbitrary code. This vulnerability can be exploited by sending specially crafted RDP requests, and authentication is not required. The estimated number of potentially affected devices worldwide is not specified. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Deployment Services (affected versions not specified) **Description** The issue is related to a use-after-free memory vulnerability in Windows Deployment Services. This vulnerability can be exploited by a remote attacker to execute arbitrary code, potentially affecting the system. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure IoT Hub Device Client SDK (affected versions not specified) **Description** The issue is related to a memory reuse error in the Azure IoT Hub Device Client SDK toolkit and libraries. Exploitation of this issue may allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure IoT SDK (affected versions not specified) **Description** The issue is related to the use of memory after it has been freed, which can be exploited to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Azure Kinect SDK (affected versions not specified) Description: The issue is related to numerical truncation errors in the Azure Kinect SDK. Exploitation of this issue may allow an attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft ODBC Driver for SQL Server (affected versions not specified) Description: The issue is related to an integer overflow in the Microsoft ODBC Driver for SQL Server library. This allows a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Cryptographic Services (affected versions not specified) **Description** The issue is related to insufficient input validation in Windows Cryptographic Services, which can be exploited to execute arbitrary code. This allows remote attackers to affect the system. There are reports of potential exploitation, but details about the estimated number of affected devices or real-world incidents are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware ESXi, Workstation, and Fusion (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware ESXi, Workstation, and Fusion (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in the UHCI USB controller of the affected software. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. This vulnerability is associated with a lack of protection for service data, which could allow an attacker to disclose protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SQL Server (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft SQL Server, which can be exploited to cause a denial of service. This allows an attacker to affect the system. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient input validation in the Active Template Library (ATL) of Windows operating systems. This can be exploited by a remote attacker to cause a denial of service. A denial-of-service vulnerability allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware ESXi (affected versions not specified) **Description** The issue is related to a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process may create a denial of service condition on the host. This can be achieved by exploiting the vulnerability, allowing the attacker to cause a service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ISC DHCP versions 4.1-ESV-R1 through 4.1-ESV-R16-P1 ISC DHCP versions 4.4.0 through 4.4.3 **Description** The issue is related to the function `add option()` in ISC DHCP, which is used in server responses to lease query packets. When `option code hash lookup()` is called from `add option()`, it increases the option's `refcount` field, but there is no corresponding call to `option dereference()` to decrement the `refcount` field. This can cause the reference counters to overflow, leading to a server abort. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For ISC DHCP versions 4.1-ESV-R1 through 4.1-ESV-R16-P1, update to a version that includes a fix for the issue. For ISC DHCP versions 4.4.0 through 4.4.3, update to a version that includes a fix for the issue. As a temporary workaround, consider restricting access to the `add option()` function to minimize the risk of exploitation.