Bowlofeggs

**Name of the Vulnerable Software and Affected Versions** protobuf-c versions prior to 1.4.1 **Description** The issue is related to an unsigned integer overflow in the `parse required member()` function of the protobuf-c protocol serialization data. This can be exploited by a remote attacker to execute arbitrary code, potentially leading to full system compromise. **Recommendations** For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `parse required member()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pagure version 5.2 **Description** The issue allows for the leakage of API keys via email, which can be intercepted by man-in-the-middle attackers due to the lack of TLS certificate validation on many email servers. This can lead to unauthorized access to Pagure on behalf of other users. The problem is specifically found in the API token expiration reminder cron job, located in the files/api key expire mail.py file. **Recommendations** For Pagure version 5.2, consider disabling the API token expiration reminder cron job as a temporary workaround to prevent API key leakage.

**Name of the Vulnerable Software and Affected Versions** Bodhi versions 2.9.0 and lower **Description** The issue is related to cross-site scripting, which can result in code injection due to incorrect validation of bug titles. **Recommendations** For Bodhi versions 2.9.0 and lower, update to a version higher than 2.9.0 to resolve the issue.