Winston Ho

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A malicious insider exploiting this issue can circumvent existing security controls put in place by the organization. If the victim is using a temporary bypass to reach the Internet for updates, a remote device could target it, undo the bypass, and deny access to the update service, causing it to fail. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC media player versions 2.2.x **Description** The issue is related to a use after free vulnerability. This can be exploited by an attacker to execute arbitrary code using specially crafted mkv files. Failed attempts to exploit this issue may result in denial of service conditions. **Recommendations** For version 2.2.x, consider avoiding the use of mkv files until a patch is available. As a temporary workaround, restrict the use of potentially vulnerable functions related to mkv file processing to minimize the risk of exploitation.