Vudq16

**Name of the Vulnerable Software and Affected Versions** Alpine Halo9 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this issue. The specific flaw exists within the `DecodeUTF7` function, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Xiaomi Pro 13 (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the manual-upgrade.html file, where the process does not properly sanitize user-supplied data for the `manualUpgradeInfo` parameter, leading to the injection of an arbitrary script. An attacker can leverage this issue to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.