Yu

Name of the Vulnerable Software and Affected Versions: com.transsion.videocallenhancer version 1.1.9.973 Description: The mobile application interface has improper permission control, which can lead to the risk of private file leakage. This issue can result in unauthorized access to private files. Recommendations: For version 1.1.9.973, update the app immediately and review file permissions to mitigate the risk of private file leakage. As a temporary workaround, consider restricting access to sensitive files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** total.js versions prior to 3.4.8 **Description** The issue concerns Remote Code Execution (RCE) via the `set` function. total.js is a framework for Node.js, similar to other frameworks like Laravel or Django, and can be used for various applications. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 3.4.8, update to version 3.4.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `set` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dext5 Upload versions 5.0.0.112 and earlier **Description** The issue allows remote files to be executed by setting the arguments to the ActiveX method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. **Recommendations** For versions 5.0.0.112 and earlier, consider disabling the ActiveX control until a patch is available to prevent remote file execution. Restrict access to the dext5.ocx ActiveX Control to minimize the risk of exploitation. Avoid using the affected ActiveX method in web pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zoneplayer versions 2.0.1.3 and prior versions Zoneplayer version 2.0.1.4 **Description** The issue allows an attacker to cause arbitrary code execution due to a file download vulnerability in the ZInsX.ocx ActiveX Control of Zoneplayer on Windows. **Recommendations** For Zoneplayer versions 2.0.1.3 and prior versions, update to a version later than 2.0.1.3 to resolve the issue. For Zoneplayer version 2.0.1.4, update to a version later than 2.0.1.4 to resolve the issue. As a temporary workaround, consider disabling the ZInsX.ocx ActiveX Control until a patch is available.