Vincent Danen

**Nome do software vulnerável e versões afetadas** Versões 0.3.10 e anteriores do tucan **Descrição** O problema está relacionado a um mecanismo de atualização de plug-ins inseguro, o que poderia permitir que invasores remotos realizassem ataques man-in-the-middle e executassem código arbitrário com as permissões do usuário que está executando o software. **Recomendações** Para as versões 0.3.10 e anteriores, atualize para uma versão posterior à 0.3.10 para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões do 389 Directory Server anteriores à 1.2.7.1 Versões do HP-UX Directory Server anteriores à B.08.10.03 **Descrição** A vulnerabilidade permite que usuários locais obtenham informações confidenciais ao ler o log quando o registro de auditoria está habilitado. Isso ocorre porque a senha do Directory Manager (`nsslapd-rootpw`) é registrada em texto simples ao alterar `cn=config:nsslapd-rootpw`. **Recomendações** Para versões do 389 Directory Server anteriores à 1.2.7.1, atualize para a versão 1.2.7.1 ou posterior para resolver o problema. Para versões do HP-UX Directory Server anteriores à B.08.10.03, atualize para a versão B.08.10.03 ou posterior para resolver o problema. Como solução alternativa temporária, considere desativar o registro de auditoria até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas: Versões do Symfony 2.0.X a 2.3.X anteriores às versões 2.0.24, 2.1.12, 2.2.5 e 2.3.3 Versão 2.0.X do Symfony anterior à versão 2.0.24 Versão 2.1.X do Symfony anterior à 2.1.12 Versão 2.2.X do Symfony anterior à 2.2.5 Versão 2.3.X do Symfony anterior à 2.3.3 No entanto, para seguir as instruções e consolidar os intervalos na forma mais concisa, o texto acima pode ser simplificado para: Versões 2.0.X a 2.3.X do Symfony anteriores às respectivas versões 2.0.24, 2.1.12, 2.2.5 e 2.3.3 Descrição: A vulnerabilidade reside no componente HttpFoundation, onde o cabeçalho Host pode ser manipulado por um invasor quando a estrutura está gerando uma URL absoluta. Um invasor remoto poderia explorar isso para injetar conteúdo malicioso na página do aplicativo web e realizar vários ataques. Recomendações: Para a versão 2.0.X do Symfony, atualize para a versão 2.0.24 ou posterior. Para a versão 2.1.X do Symfony, atualize para a versão 2.1.12 ou posterior. Para a versão 2.2.X do Symfony, atualize para a versão 2.2.5 ou posterior. Para a versão 2.3.X do Symfony, atualize para a versão 2.3.3 ou posterior.

**Name of the Vulnerable Software and Affected Versions** gksu-polkit versions prior to 0.0.3-6.fc18 **Description** A security issue was reported, but the patch applied to version 0.0.3-6.fc18 was improper and did not fix the issue. **Recommendations** For versions prior to 0.0.3-6.fc18, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NetworkManager version 0.9.2.0 **Description** The issue arises when a new wireless network is created with WPA/WPA2 security in AdHoc mode, resulting in the creation of an open or insecure network. **Recommendations** For NetworkManager version 0.9.2.0, consider configuring the network settings manually to ensure the creation of a secure network, as the automatic setup may lead to an insecure configuration.

**Name of the Vulnerable Software and Affected Versions** ecryptfs-utils (affected versions not specified) **Description** The issue is related to the suid helper in ecryptfs-utils, which does not properly restrict mounting filesystems with nosuid and nodev options. This oversight creates a possible privilege escalation scenario. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PolarSSL versions 0.99pre4 through 1.1.1 **Description** A security bypass issue exists due to a weak encryption error when generating Diffie-Hellman values and RSA keys. This affects the generation of secure keys, potentially compromising the encryption. **Recommendations** For PolarSSL versions 0.99pre4 through 1.1.1, consider updating to a version that addresses the weak encryption error to prevent security bypass issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mom (affected versions not specified) **Description** The issue is related to the creation of world-writable pid files in /var/run by mom. This could potentially allow unauthorized access or modification of these files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OFBiz versions 16.11.01 through 16.11.04 **Description** The issue affects the /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler, making it vulnerable to External Entity Injection. This is achieved by passing DOCTYPE declarations with executable payloads, which can disclose the contents of files in the filesystem. Additionally, it can be used to probe for open network ports and determine whether a file exists or not based on returned error messages. **Recommendations** For OFBiz versions 16.11.01 through 16.11.04, consider disabling access to the /webtools/control/xmlrpc endpoint until a patch is available. As a temporary workaround, restrict the use of the XML-RPC event handler to minimize the risk of exploitation. Avoid using the endpoint for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeIPA versions 3.0 **Description** The issue arises from improper server identity verification before transmitting credential-containing cookies. **Recommendations** For FreeIPA version 3.0, update to a version that properly checks server identity before sending credential-containing cookies.

**Name of the Vulnerable Software and Affected Versions** surf (affected versions not specified) **Description** The issue concerns a cookie jar in the surf application that has read access from other local users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mwlib versions 0.13 through 0.13.4 **Description** The issue is related to a denial of service vulnerability that occurs when parsing #iferror magic functions. **Recommendations** For mwlib versions 0.13 through 0.13.4, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libpoe-component-irc-perl versions prior to 6.32 **Description** The issue allows execution of arbitrary IRC commands by passing a specially crafted argument to the 'privmsg' handler, potentially causing the client to disconnect from the server. This can be achieved by including carriage returns and line feeds in the argument, such as "some textrQUIT". **Recommendations** For versions prior to 6.32, consider removing or properly handling carriage returns and line feeds in arguments passed to the 'privmsg' handler to prevent arbitrary IRC command execution. As a temporary workaround, restrict the use of the 'privmsg' handler until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone (affected versions not specified) **Description** The issue allows extremely long passwords to crash Keystone by exhausting stack space. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** qpid-cpp version 1.0 **Description** The issue occurs when a large message is sent and the Digest-MD5 mechanism with a security layer is in use, causing qpid-cpp to crash. **Recommendations** For qpid-cpp version 1.0, consider disabling the Digest-MD5 mechanism with a security layer as a temporary workaround until a patch is available. Restrict the size of messages to prevent crashes.

**Name of the Vulnerable Software and Affected Versions** Red Hat Directory Server version 8 389 Directory Server (affected versions not specified) **Description** The issue allows attackers to cause a denial of service via a crafted search query, resulting in a NULL pointer dereference. This is due to a problem in the ` ger parse control` function. **Recommendations** For Red Hat Directory Server version 8: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For 389 Directory Server: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Redis version 2.6 **Description** The issue is related to an insecure temporary file vulnerability. It is associated with the /tmp/redis.ds file in Redis. **Recommendations** For Redis version 2.6, consider updating to a newer version that addresses this issue, or as a temporary workaround, restrict access to the /tmp/redis.ds file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** php-symfony2-Validator (affected versions not specified) **Description** The issue concerns the loss of information during serialization when using the Validator component with caching enabled, specifically with `SymfonyComponentValidatorMappingCacheApcCache` or any other cache implementing `SymfonyComponentValidatorMappingCacheCacheInterface`. This results in the loss of the `collectionCascaded` and `collectionCascadedDeeply` fields. As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator once the validator configuration is loaded from the cache. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bitlbee (affected versions not specified) **Description** The issue is related to Bitlbee not dropping extra group privileges correctly in the unix.c file. This could potentially lead to security problems, although specific details about exploitation or affected devices are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki (affected versions not specified) **Description** The issue allows deleted text to be exposed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.