Unknown · Cups-Filters · CVE-2023-24805
**Name of the Vulnerable Software and Affected Versions**
cups-filters (affected versions not specified)
**Description**
The issue is in the Backend Error Handler (beh) component of the cups-filters package, which does not properly sanitize special elements used in operating system commands. A remote attacker can exploit this to execute arbitrary commands on the print server by sending a specially crafted print job. The `beh.c` file contains a line that calls the `system()` function with the argument `cmdline`, a string that includes multiple user-controlled, unsanitized values. As a result, an attacker with network access to the hosted print server can inject system commands that are executed in the context of the running server.
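The pattern described above, shown next to a shell-free alternative, as an added example (a simplified illustration, not the cups-filters source). The function names, the `backend` placeholder, the `/bin/sh` stand-in child and the sample title are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (string is only built here, never run): the job title
 * is pasted between single quotes in a command line meant for system(). */
int build_cmdline_unsafe(char *out, size_t n, const char *backend, const char *title)
{
    return snprintf(out, n, "%s '%s'", backend, title);
}

/* More than two single quotes means the title ended the quoting early. */
int count_quotes(const char *s)
{
    int n = 0;
    for (; *s; s++)
        n += (*s == '\'');
    return n;
}

/* Hardened pattern: no shell. Every value gets its own argv slot, so the
 * child receives it byte for byte. Returns the exit status, or -1. */
int run_backend_argv(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        execv(path, argv);
        _exit(127);                      /* exec failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Stand-in backend (assumption): sh exits with the count of args after $0. */
int args_seen_by_child(const char *title)
{
    char *const argv[] = { "sh", "-c", "exit $#", "backend", (char *)title, NULL };
    return run_backend_argv("/bin/sh", argv);
}

int main(void)
{
    char cmd[256], *title = "Bob's notes; draft";   /* constructed sample title */
    build_cmdline_unsafe(cmd, sizeof(cmd), "backend", title);
    printf("%s -> %d quotes; argv child saw %d arg\n", cmd, count_quotes(cmd), args_seen_by_child(title));
    return 0;
}
```

Even an ordinary title containing an apostrophe leaves the quoted string unbalanced, while the `execv` path delivers the same title as exactly one argument.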
**Recommendations**
To resolve the issue, users are advised to upgrade to the next release when possible. In the meantime, it is recommended to restrict access to network printers. Additionally, as a temporary workaround, consider disabling the `beh` component until a patch is available. Restrict access to the `beh.c` file to minimize the risk of exploitation. Avoid using the `cmdline` variable in the affected `system()` call until the issue is resolved.