Alexander E. Patrakov

#14992of 53,633
17.9Total CVSS
Vulnerabilities · 3
Low
1
Medium
1
Critical
1
PT-2020-5157
10
2020-02-24
Openbsd · Opensmtpd · CVE-2020-8794
**Name of the Vulnerable Software and Affected Versions** OpenSMTPD versions prior to 6.6.4 **Description** The issue is related to an out-of-bounds read in the `mta io` function in `mta session.c` for multi-line replies, which can allow remote code execution. Although this affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. The vulnerability can be exploited by sending specially crafted emails, potentially allowing attackers to take over vulnerable remote servers. **Recommendations** For OpenSMTPD versions prior to 6.6.4, update to version 6.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mta io` function in `mta session.c` until a patch is available. Avoid using the vulnerable code during bounce handling to minimize the risk of exploitation.
PT-2020-7575
5.3
2020-02-17
Webkitgtk · Webkitgtk · CVE-2013-7324
**Name of the Vulnerable Software and Affected Versions** Webkit-GTK versions 2.x **Description** The issue allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. This behavior complies with existing W3C standards and existing practices for GNOME desktop integration. **Recommendations** For Webkit-GTK version 2.x, consider disabling HTML5 audio/video support based on GStreamer as a temporary workaround until a patch is available. Restrict access to malicious javascript to minimize the risk of exploitation.
PT-2015-6443
2.6
2015-06-08
Strongswan · Strongswan Vpn Client · CVE-2015-4171
**Name of the Vulnerable Software and Affected Versions** strongSwan versions 4.3.0 through 5.x before 5.3.2 strongSwan VPN Client versions prior to 1.4.6 **Description** The issue concerns the authentication process for IKEv2 connections using EAP or pre-shared keys. It does not enforce server authentication restrictions until the entire authentication process is complete. This allows remote servers to obtain credentials by using a valid certificate and then reading the responses. **Recommendations** For strongSwan versions 4.3.0 through 5.x before 5.3.2, update to version 5.3.2 or later to resolve the issue. For strongSwan VPN Client versions prior to 1.4.6, update to version 1.4.6 or later to resolve the issue.