Erik Sjolund

**Name of the Vulnerable Software and Affected Versions** ncpfs versions prior to 2.2.6 **Description** A buffer overflow issue in the ncplogin component of ncpfs allows remote malicious NetWare servers to execute arbitrary code on the NetWare client. **Recommendations** For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Enscript version 1.6.3 **Description** The issue allows remote attackers or local users to execute arbitrary commands via crafted filenames because Enscript 1.6.3 does not sanitize filenames. **Recommendations** For Enscript version 1.6.3, consider implementing filename sanitization to prevent the execution of arbitrary commands. As a temporary workaround, restrict the ability to create or modify filenames to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: enscript version 1.6.3 Description: The issue is related to multiple buffer overflows, which can be exploited by remote attackers or local users to cause a denial of service, resulting in an application crash. Recommendations: For enscript version 1.6.3, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ncpfs versions prior to 2.2.6 ncpfs-2.2.0.18 **Description** The issue concerns multiple vulnerabilities in the ncpfs package, which can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited locally. **Recommendations** For ncpfs versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. For ncpfs-2.2.0.18, consider disabling the vulnerable functions until a patch is available. As a temporary workaround, consider restricting access to the ncpfs package to minimize the risk of exploitation.