Çağrı Eser

**Name of the Vulnerable Software and Affected Versions** Pardus versions 0.6.4 through 0.7.x **Description** Improper neutralization of CRLF sequences, also known as CRLF injection, in TUBITAK BILGEM Software Technologies Research Institute Pardus allows for Authentication Bypass. CRLF injection occurs when an application fails to filter carriage return (CR) and line feed (LF) characters, allowing an attacker to inject new lines into HTTP headers. **Recommendations** Update to version 0.8.0.

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.

**Name of the Vulnerable Software and Affected Versions** Pardus About versions prior to 1.2.1 **Description** Improper link resolution before file access, also known as link following, allows a Symlink Attack. This occurs when the software does not properly validate symbolic links, potentially allowing an attacker to access files outside of the intended directory. **Recommendations** Update to version 1.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Pardus Software Center versions prior to 1.0.3 **Description** An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows access to files or directories outside the intended folder. **Recommendations** Update to version 1.0.3 or later.