Nsecho

**Name of the Vulnerable Software and Affected Versions** RabbitMQ versions prior to 3.11.24 RabbitMQ versions prior to 3.12.7 **Description** The issue is related to the HTTP API of RabbitMQ, a multi-protocol messaging and streaming broker, which did not enforce an HTTP request body limit. This made it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API, causing the target node to be terminated by an "out-of-memory killer"-like mechanism. **Recommendations** For RabbitMQ versions prior to 3.11.24, update to version 3.11.24 or later to resolve the issue. For RabbitMQ versions prior to 3.12.7, update to version 3.12.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CatoNetworks CatoClient versions prior to 5.4.0 **Description** The issue allows attackers to escalate privileges by winning the race condition (TOCTOU) via the PrivilegedHelperTool component. This enables attackers to gain elevated access, potentially leading to further system compromise. **Recommendations** For versions prior to 5.4.0, update to version 5.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the PrivilegedHelperTool component until a patch is available. Restrict access to sensitive system resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** github.com/gomarkdown/markdown versions prior to 0.0.0-20230922105210-14b16010c2ee **Description** The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Parsing malformed markdown input with a parser that uses the parser.Mmark extension could result in an out-of-bounds read issue. To exploit this, the parser needs to have the parser.Mmark extension set. The issue occurs inside the citation.go file on line 69 when the parser tries to access an element past its length, resulting in a denial of service. **Recommendations** For versions prior to 0.0.0-20230922105210-14b16010c2ee, update to a version that includes the patch for this issue, such as 0.0.0-20230922105210-14b16010c2ee or later. As a temporary workaround, consider disabling the parser.Mmark extension until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NoMachine Free Edition and Enterprise Client for macOS versions prior to 8.8.1 **Description** An arbitrary file overwrite issue allows attackers to overwrite root-owned files by using hardlinks. This can be exploited in NoMachine Free Edition and Enterprise Client for macOS. **Recommendations** For versions prior to 8.8.1, update to version 8.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive root-owned files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Perimeter81 version 10.0.0.19 **Description** The issue allows Local Privilege Escalation to root via shell metacharacters in `usingCAPath`. **Recommendations** For Perimeter81 version 10.0.0.19, consider restricting access to the `usingCAPath` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.