Bazarr

**Name of the Vulnerable Software and Affected Versions** traceroute-nanog version 6.1.1 **Description** The issue allows local users to potentially execute arbitrary code via certain arguments that cause an integer overflow, leading to a buffer overflow. This can be achieved by exploiting the `nprobes` and `max ttl` arguments. Additionally, there are multiple vulnerabilities in the traceroute-nanog package that can lead to disruption of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For traceroute-nanog version 6.1.1, consider restricting the use of the `nprobes` and `max ttl` arguments to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using these arguments in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** typespeed versions 0.4.1 and earlier **Description** The issue affects the typespeed package in Debian GNU/Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. A buffer overflow in net swapscore allows remote attackers to execute arbitrary code. **Recommendations** For typespeed versions 0.4.1 and earlier, update to a version later than 0.4.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Eterm version 0.9.2 Description: A buffer overflow issue exists, allowing local users to gain privileges through a long ETERMPATH environment variable. Recommendations: For Eterm version 0.9.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: xaos versions 3.0-23 and earlier Description: The issue allows local users to gain root privileges via a long `-language` option when running setuid. Recommendations: For xaos versions 3.0-23 and earlier, update to a version later than 3.0-23 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: slocate (affected versions not specified) Description: The issue is related to an integer overflow in the `parse decode path()` function of slocate. This overflow can occur when a `LOCATE PATH` with a large number of ":" (colon) characters is used, as the count of these characters is utilized in a call to `malloc()`. This could potentially allow attackers to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.