Vishnu Dev Tj

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 11.3-RELEASE before p9 FreeBSD versions 11.4-BETA1 before p1 FreeBSD versions 11.4-STABLE before r360973 FreeBSD versions 12.1-RELEASE before p5 FreeBSD versions 12.1-STABLE before r360973 **Description** The FTP packet handler in libalias incorrectly calculates some packet length, allowing disclosure of small amounts of kernel for kernel NAT or natd process space for userspace natd. **Recommendations** For FreeBSD version 11.3-RELEASE, update to at least p9. For FreeBSD version 11.4-BETA1, update to at least p1. For FreeBSD version 11.4-STABLE, update to at least r360973. For FreeBSD version 12.1-RELEASE, update to at least p5. For FreeBSD version 12.1-STABLE, update to at least r360973.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 5.2.40 Oracle VM VirtualBox versions prior to 6.0.20 Oracle VM VirtualBox versions prior to 6.1.6 **Description** The issue is related to insufficient access control in the Core component of Oracle VM VirtualBox, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox. **Recommendations** For versions prior to 5.2.40, update to version 5.2.40 or later. For versions prior to 6.0.20, update to version 6.0.20 or later. For versions prior to 6.1.6, update to version 6.1.6 or later.

**Name of the Vulnerable Software and Affected Versions** QEMU versions 4.2.0 libslirp version 4.1.0 **Description** The issue is related to a memory management error in the `tcp emu` function of the QEMU software, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. This can lead to a heap-based buffer overflow or other out-of-bounds access, potentially allowing the execution of arbitrary code. The vulnerability is demonstrated by IRC DCC commands in EMU IRC. **Recommendations** For QEMU version 4.2.0, consider updating to a newer version that addresses the memory management issue in the `tcp emu` function. For libslirp version 4.1.0, as a temporary workaround, consider restricting access to the `tcp subr.c` module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.