Zenofex

**Name of the Vulnerable Software and Affected Versions** Academy Software Foundation OpenEXR image parsing library versions 3.2.1 and prior **Description** The issue is caused by a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, leading to a heap-based buffer overflow. This allows a remote attacker to read or write arbitrary data. The vulnerability was resolved in versions v3.2.2 and v3.1.12 of the affected library. **Recommendations** For versions 3.2.1 and prior, update to version v3.2.2 or v3.1.12 to resolve the issue. As a temporary workaround, consider restricting the use of OpenEXR files containing deep scanline data until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.0.0 through 4.0.7 **Description** The issue is related to a divide by zero error in the CP2179 component of Wireshark, which can be exploited by a remote attacker to cause a denial of service. This occurs due to a failure in validating the length provided by an attacker-crafted CP2179 packet. **Recommendations** For Wireshark versions 2.0.0 through 4.0.7, update to a version that fixes the divide by zero error in the CP2179 component to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose version 7.10 **Description** The issue arises from a failure to validate the length of a provided MQTT CMD PUBLISH parsed message with a variable length header, leading to a heap-based buffer overflow vulnerability in the default configuration. **Recommendations** For version 7.10, update to version 7.11 to resolve the issue. As a temporary workaround, consider restricting the use of the MQTT CMD PUBLISH message with a variable length header until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CUPS versions prior to 2.4.7 **Description** The issue is related to a failure in validating the length provided by an attacker-crafted PPD PostScript document, making CUPS and libppd susceptible to a heap-based buffer overflow and possibly code execution. This can be exploited by an attacker to potentially elevate privileges and execute arbitrary code. **Recommendations** For versions prior to 2.4.7, update to CUPS version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting the processing of PPD PostScript documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.0.5 and prior **Description** The issue arises from a failure to validate the length of an attacker-crafted MSMMS packet, leading to a heap-based buffer overflow. This could result in code execution within the context of the process running the affected software. The issue is particularly relevant in unusual configurations. **Recommendations** For Wireshark versions 4.0.5 and prior, update to a version that addresses this issue to prevent potential heap-based buffer overflow and code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.0.5 and prior **Description** The issue arises from a failure to validate the length provided by an attacker-crafted IEEE-C37.118 packet, making Wireshark susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. **Recommendations** For Wireshark versions 4.0.5 and prior, consider disabling the processing of IEEE-C37.118 packets until a patch is available. As a temporary workaround, restrict access to the vulnerable function that handles IEEE-C37.118 packets to minimize the risk of exploitation. Avoid using Wireshark to analyze potentially malicious packets until the issue is resolved.

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget tabbedcontainer tab panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 5.5.4 through 5.6.2 **Description** The issue allows remote command execution via crafted subWidgets data in an "ajax/render/widget tabbedcontainer tab panel" request. This is due to an incomplete fix for a previous issue. The vulnerability can be exploited by a remote attacker to execute arbitrary commands. It has been reported that this issue is being actively exploited in the wild. **Recommendations** For versions 5.5.4 through 5.6.2, consider disabling the `ajax/render/widget tabbedcontainer tab panel` request until a patch is available. Restrict access to the subWidgets data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Western Digital MyCloud PR4100 version 2.30.172 **Description** An issue in the web administration component allows for multipart upload functionality to be accessible without authentication. This is specifically related to the "/web/jquery/uploader/multi uploadify.php" endpoint, which can be used to place a file anywhere on the device's file system. As a result, an attacker can upload a PHP shell onto the device and obtain arbitrary code execution as root. The vulnerability is related to deficiencies in the authentication procedure of the web interface. **Recommendations** For Western Digital MyCloud PR4100 version 2.30.172, as a temporary workaround, consider disabling access to the "/web/jquery/uploader/multi uploadify.php" endpoint until a patch is available. Restricting access to this endpoint can minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.